From 10cb60acca299932204796b01a2a0f4b713d8406 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Mon, 22 May 2017 19:24:20 +0200
Subject: [PATCH] [docs] Warn about the need to protect sensitive settings in plugins

---
 src/octoprint/plugin/types.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/octoprint/plugin/types.py b/src/octoprint/plugin/types.py
index ae54df94..c9be6153 100644
--- a/src/octoprint/plugin/types.py
+++ b/src/octoprint/plugin/types.py
@@ -1377,6 +1377,14 @@ class SettingsPlugin(OctoPrintPlugin): Of course, you are always free to completely override both :func:`on_settings_load` and :func:`on_settings_save` if the default implementations do not fit your requirements. + + .. warning:: + + Make sure to protect sensitive information stored by your plugin that only logged in administrators (or users) + should have access to via :meth:`~octoprint.plugin.SettingsPlugin.get_settings_restricted_paths`. OctoPrint will + return its settings on the REST API even to anonymous clients, but will filter out fields it know are restricted, + therefore you **must** make sure that you specify sensitive information accordingly to limit access as required! + .. attribute:: _settings The :class:`~octoprint.plugin.PluginSettings` instance to use for accessing the plugin's settings. Injected by
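Review bot: The added warning has a grammatical slip in its third line, `fields it know are restricted` should read `fields it knows are restricted`. The first sentence also reads as if administrators gain access *via* the method; suggest `that only logged in administrators (or users) should have access to, by listing those paths via :meth:`~octoprint.plugin.SettingsPlugin.get_settings_restricted_paths`.` so the reader sees that the method is how the plugin declares the restriction, not how the data is reached. Since the text states that settings are served to anonymous clients unless a field is declared restricted, it may also be worth adding one sentence that anything not declared should be treated as publicly readable. The SettingsPlugin docstring starts before and continues after this hunk.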