diff options
| author | gerv%gerv.net <> | 2008-04-04 13:47:03 +0200 |
|---|---|---|
| committer | gerv%gerv.net <> | 2008-04-04 13:47:03 +0200 |
| commit | ffe3c6ad2925254d665d0e5f1803e692119364ef (patch) | |
| tree | be36efbe872ed6f1307922b3249e35a5719c4d02 /docs/en/xml/administration.xml | |
| parent | 2e7e04b360412acf628ef5d27f933b0d0c23dc39 (diff) | |
| download | bugzilla-ffe3c6ad2925254d665d0e5f1803e692119364ef.tar.gz bugzilla-ffe3c6ad2925254d665d0e5f1803e692119364ef.tar.xz | |
The first installment of Gerv's spanking of the Bugzilla Guide. This is a work-in-progress.
Diffstat (limited to 'docs/en/xml/administration.xml')
| -rw-r--r-- | docs/en/xml/administration.xml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/en/xml/administration.xml b/docs/en/xml/administration.xml index 8794a0e2c..6789ca071 100644 --- a/docs/en/xml/administration.xml +++ b/docs/en/xml/administration.xml @@ -1373,12 +1373,14 @@ Group3, since he isn't in Group4. make certain files world readable and/or writable. <emphasis>THIS IS INSECURE!</emphasis>. This means that anyone who can get access to your system can do whatever they want to your Bugzilla installation. - <note> + </para> + <note> + <para> This also means that if your webserver runs all cgi scripts as the same user/group, anyone on the system who can run cgi scripts will be able to take control of your Bugzilla installation. - </note> - </para> + </para> + </note> <para> On Apache, you can use .htaccess files to protect access to these directories, as outlined in <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ulink> for the localconfig file, and <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=65572"> Bug 65572</ulink> for adequate protection in your data/ and shadow/ directories. |