From 3d9aced31ab5cf68777fd57dea7a3d22ddc7d84d Mon Sep 17 00:00:00 2001 From: Alyssa Coghlan Date: Thu, 8 Aug 2024 18:25:00 +1000 Subject: [PATCH] Add Direct URL security heading No changes to the spec, just adding a heading to highlight the notes on avoiding credential leaks. --- source/specifications/direct-url-data-structure.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/specifications/direct-url-data-structure.rst b/source/specifications/direct-url-data-structure.rst index 9ec8e2e34..6a4e8fe01 100644 --- a/source/specifications/direct-url-data-structure.rst +++ b/source/specifications/direct-url-data-structure.rst @@ -31,6 +31,9 @@ Depending on what ``url`` refers to, the second field MUST be one of ``vcs_info` local directory). These info fields have a (possibly empty) subdictionary as value, with the possible keys defined below. +Security Considerations +----------------------- + When persisted, ``url`` MUST be stripped of any sensitive authentication information, for security reasons.
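
Review bot: The "Security Considerations" heading added in the `@@ -31,6 +31,9 @@` hunk sits in the middle of the field description, directly above the "When persisted, ``url`` MUST be stripped" paragraph, so everything from that paragraph up to the next heading of the same or higher level will now render under it. The trailing context shows only that one paragraph; please confirm the rest of that span is all about credential handling, or move any unrelated field definitions above the new heading. Also check that the `-` underline matches the level used by sibling sections in this file, and consider adding an explicit reST target label above the heading so other specifications can link straight to the credential-leak guidance.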