docs: provide logging recommendations (#371)

mickael-hc · web-flow · commit 293f9e2372e5 · 2022-06-29T14:25:59.000-04:00
diff --git a/README.md b/README.md
@@ -54,6 +54,11 @@ or other security flaws.
 go-getter contains mitigations for some of these security issues, but should still be used with
 caution in security-critical contexts. See the available [security options](#Security-Options) that
 can be configured to mitigate some of these risks.
+
+go-getter may return values that contain caller-provided query parameters that can contain sensitive data.
+Context around what parameters are and are not sensitive is known only by the caller of go-getter, and specific to each use case.
+We recommend the caller ensure that go-getter's return values (e.g., error messages) are properly handled and sanitized to ensure
+sensitive data is not persisted to logs.
 ## URL Format
 
 go-getter uses a single string URL as input to download from a variety of
