codeant-ai-for-open-source[bot] commented on PR #36348: URL: https://github.com/apache/superset/pull/36348#issuecomment-3618226834
## Nitpicks 🔍 <table> <tr><td>🔒 <strong>No security issues identified</strong></td></tr> <tr><td>⚡ <strong>Recommended areas for review</strong><br><br> - [ ] <a href='https://github.com/apache/superset/pull/36348/files#diff-c320155d4d1897c6db7537287db470fd88c9e9b3badaf7e62927a0d4dc9cb12bR374-R374'><strong>Sensitive Information Exposure</strong></a><br>The new D1 docs show an example SQLAlchemy URI containing an API token. URIs (and the Extras field) can be logged, stored in the metadata DB, or exposed in UI screenshots — this could leak credentials. The docs should explicitly warn about these risks and recommend secure alternatives (Secure Extra, environment variables, or SQLALCHEMY_CUSTOM_PASSWORD_STORE).<br> - [ ] <a href='https://github.com/apache/superset/pull/36348/files#diff-c320155d4d1897c6db7537287db470fd88c9e9b3badaf7e62927a0d4dc9cb12bR374-R374'><strong>URL Encoding / Special Characters</strong></a><br>Connection tokens and account IDs may contain characters that break URL parsing (e.g., '@', ':', '/'). The D1 section doesn't mention URL-encoding special characters (there are other places in the doc that cover encoding); add a cross-reference or inline guidance to avoid confusing failures.<br> </td></tr> </table> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
