summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcyeh%bluemartini.com <>2001-03-10 07:37:22 +0100
committercyeh%bluemartini.com <>2001-03-10 07:37:22 +0100
commit9d8a61ca77c9baf697942d63949ef0726e0e1a8f (patch)
treeec5c29344cad76ac624652e01b6646a5a20e4323
parent691b068eedd9f61472e268c7e633f21bfb72ca78 (diff)
downloadbugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.gz
bugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.xz
add notation about securing web installation
-rw-r--r--README7
1 files changed, 7 insertions, 0 deletions
diff --git a/README b/README
index a159a5bad..4515cb893 100644
--- a/README
+++ b/README
@@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
(or will need to be) in the httpd.conf file, rather than srm.conf or
access.conf.
+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files. Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this.
+
2. Installing the Bugzilla Files
You should untar the Bugzilla files into a directory that you're