config.toml: add cautionary note around basic auth (#1109)

2026-02-03 08:40:31 +00:00 · 2019-03-07 08:51:18 -05:00
parent 36dae02c03
commit a4450c1142
1 changed files with 9 additions and 0 deletions
@@ -72,6 +72,15 @@ Port = ":3000"
 # Env override: ATHENS_GLOBAL_ENDPOINT
 GlobalEndpoint = "http://localhost:3001"

+# BASIC AUTH OPTIONS 
+# ==================
+# PLASE NOTE THAT THIS IS A BAD HACK AROUND 
+# THE FACT THAT GO DOES NOT SUPPORT PROPER AUTHENTICATION 
+# YET! YOUR BASIC AUTH CREDENTIALS CAN EASILY LEAK 
+# IN ATHENS LOGS AS WELL AS GO COMMAND LOGS.
+# THIS WILL BE ADDRESSED IN 1.13.
+# SEE https://github.com/golang/go/issues/30610
+
 # Username for basic auth
 # Env override: BASIC_AUTH_USER
 BasicAuthUser = ""