Ensure that sensitive authentication data such as API keys, tokens, passwords, and other credentials are never exposed in documentation, client-side code, logs, or configuration files. This includes both preventing accidental inclusion in documentation and implementing proper secure handling in application code.

Key practices:

Use secure input components (like FormPassword) for sensitive fields in forms
Set appropriate autoComplete attributes (“new-password” for passwords, “username” for usernames)
Review documentation and code comments to ensure no actual credentials are included
Implement proper credential storage and transmission mechanisms
Avoid logging or displaying sensitive authentication data

Example from authentication form:

// Good: Using FormPassword for sensitive data
<FormPassword
  autoComplete="new-password"
  placeholder={t('comfyui.apiKey.placeholder')}
/>

// Good: Using FormPassword for passwords
<FormPassword
  autoComplete="new-password"
  placeholder={t('comfyui.password.placeholder')}
/>

This practice prevents credential theft, unauthorized access, and security breaches that can occur when sensitive authentication data is inadvertently exposed through various channels.

Add Repository

Private Repository