add notation about securing web installation

author: cyeh%bluemartini.com <> 2001-03-10 07:37:22 +0100
committer: cyeh%bluemartini.com <> 2001-03-10 07:37:22 +0100
commit: 9d8a61ca77c9baf697942d63949ef0726e0e1a8f (patch)
tree: ec5c29344cad76ac624652e01b6646a5a20e4323 /README
parent: 691b068eedd9f61472e268c7e633f21bfb72ca78 (diff)
download: bugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.gz
bugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/README b/README
index a159a5bad..4515cb893 100644
--- a/README
+++ b/README
@@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
 (or will need to be) in the httpd.conf file, rather than srm.conf or
 access.conf.
 
+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files.  Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this. 
+
 2. Installing the Bugzilla Files
 
    You should untar the Bugzilla files into a directory that you're
author	cyeh%bluemartini.com <>	2001-03-10 07:37:22 +0100
committer	cyeh%bluemartini.com <>	2001-03-10 07:37:22 +0100
commit	9d8a61ca77c9baf697942d63949ef0726e0e1a8f (patch)
tree	ec5c29344cad76ac624652e01b6646a5a20e4323 /README
parent	691b068eedd9f61472e268c7e633f21bfb72ca78 (diff)
download	bugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.gz bugzilla-9d8a61ca77c9baf697942d63949ef0726e0e1a8f.tar.xz