diff options
author | jake%bugzilla.org <> | 2008-04-04 13:47:12 +0200 |
---|---|---|
committer | jake%bugzilla.org <> | 2008-04-04 13:47:12 +0200 |
commit | 57aa101cf330193c1e4f1f057ed0c62a0e988c66 (patch) | |
tree | 4918a5315af391966f368c7b12835673ecd1bf42 /docs/en | |
parent | 5f90e90f0a8c4d57568799ec5056ea9f4f762166 (diff) | |
download | bugzilla-57aa101cf330193c1e4f1f057ed0c62a0e988c66.tar.gz bugzilla-57aa101cf330193c1e4f1f057ed0c62a0e988c66.tar.xz |
Reinstate the seperate security section as a chapter.
Diffstat (limited to 'docs/en')
-rw-r--r-- | docs/en/xml/Bugzilla-Guide.xml | 171 | ||||
-rw-r--r-- | docs/en/xml/glossary.xml | 336 | ||||
-rw-r--r-- | docs/en/xml/installation.xml | 284 |
3 files changed, 368 insertions, 423 deletions
diff --git a/docs/en/xml/Bugzilla-Guide.xml b/docs/en/xml/Bugzilla-Guide.xml index bd0b3a4a1..d12f6a817 100644 --- a/docs/en/xml/Bugzilla-Guide.xml +++ b/docs/en/xml/Bugzilla-Guide.xml @@ -1,55 +1,93 @@ <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [ <!-- Include macros --> -<!ENTITY about SYSTEM "about.sgml"> -<!ENTITY conventions SYSTEM "conventions.sgml"> -<!ENTITY doc-index SYSTEM "index.sgml"> -<!ENTITY faq SYSTEM "faq.sgml"> -<!ENTITY gfdl SYSTEM "gfdl.sgml"> -<!ENTITY glossary SYSTEM "glossary.sgml"> -<!ENTITY installation SYSTEM "installation.sgml"> -<!ENTITY administration SYSTEM "administration.sgml"> -<!ENTITY using SYSTEM "using.sgml"> -<!ENTITY integration SYSTEM "integration.sgml"> -<!ENTITY future SYSTEM "future.sgml"> -<!ENTITY index SYSTEM "index.sgml"> -<!ENTITY database SYSTEM "database.sgml"> -<!ENTITY patches SYSTEM "patches.sgml"> -<!ENTITY variants SYSTEM "variants.sgml"> -<!ENTITY requiredsoftware SYSTEM "requiredsoftware.sgml"> -<!ENTITY revhistory SYSTEM "revhistory.sgml"> +<!ENTITY about SYSTEM "about.xml"> +<!ENTITY conventions SYSTEM "conventions.xml"> +<!ENTITY doc-index SYSTEM "index.xml"> +<!ENTITY faq SYSTEM "faq.xml"> +<!ENTITY gfdl SYSTEM "gfdl.xml"> +<!ENTITY glossary SYSTEM "glossary.xml"> +<!ENTITY installation SYSTEM "installation.xml"> +<!ENTITY administration SYSTEM "administration.xml"> +<!ENTITY security SYSTEM "security.xml"> +<!ENTITY using SYSTEM "using.xml"> +<!ENTITY integration SYSTEM "integration.xml"> +<!ENTITY index SYSTEM "index.xml"> +<!ENTITY customization SYSTEM "customization.xml"> +<!ENTITY patches SYSTEM "patches.xml"> +<!ENTITY introduction SYSTEM "introduction.xml"> +<!ENTITY modules SYSTEM "modules.xml"> + +<!-- Things to change for a stable release: + * bz-ver to current stable + * bz-nexver to next stable + * bz-date to the release date + * bz-devel to "IGNORE" + - COMPILE DOCS AND CHECKIN - + Also, tag and tarball before completing + * bz-ver to devel version + * bz-devel to "INCLUDE" + + For a devel release, simple bump bz-ver and bz-date +--> + +<!ENTITY bz-ver "2.19.1"> +<!ENTITY bz-nextver "2.20"> +<!ENTITY bz-date "2004-10-24"> +<!ENTITY % bz-devel "INCLUDE"> +<!ENTITY current-year "2004"> +<!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-tip/"> <!ENTITY bz "http://www.bugzilla.org/"> -<!ENTITY bz-ver "2.16"> -<!ENTITY bz-cvs-ver "2.17"> -<!ENTITY bzg-date "April 2nd, 2002"> -<!ENTITY bzg-ver "2.16"> -<!ENTITY bzg-cvs-ver "2.17.0"> -<!ENTITY bzg-auth "The Bugzilla Team"> -<!ENTITY bzg-bugs "<ulink url='http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla&component=Documentation'>Bugzilla</ulink>"> +<!ENTITY bzg-bugs "<ulink url='http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla&component=Documentation'>Bugzilla Documentation</ulink>"> <!ENTITY mysql "http://www.mysql.com/"> -<!ENTITY perl-ver "5.6.1"> +<!ENTITY newest-perl-ver "5.8.3"> + +<!-- For minimum versions --> +<!ENTITY min-mysql-ver "3.23.41"> +<!ENTITY min-perl-ver "5.6.0"> +<!ENTITY min-perl-ver-win "5.8.1"> +<!ENTITY min-template-ver "2.08"> +<!ENTITY min-file-temp-ver "any"> +<!ENTITY min-appconfig-ver "1.52"> +<!ENTITY min-text-wrap-ver "2001.0131"> +<!ENTITY min-file-spec-ver "0.82"> +<!ENTITY min-data-dumper-ver "any"> +<!ENTITY min-dbd-mysql-ver "2.1010"> +<!ENTITY min-dbi-ver "1.36"> +<!ENTITY min-date-format-ver "2.21"> +<!ENTITY min-cgi-ver "2.93"> +<!-- Optional modules --> +<!ENTITY min-gd-ver "1.20"> +<!ENTITY min-gd-graph-ver "any"> +<!ENTITY min-gd-text-align-ver "any"> +<!ENTITY min-chart-base-ver "1.0"> +<!ENTITY min-xml-parser-ver "any"> +<!ENTITY min-mime-parser-ver "any"> +<!ENTITY min-patchreader-ver "0.9.4"> ]> <!-- Coding standards for this document -* Other than the GFDL, please use the "section" tag instead of "sect1", "sect2", etc. -* Use Entities to include files for new chapters in Bugzilla-Guide.sgml. +* Other than the GFDL, please use the "section" tag instead of "sect1", + "sect2", etc. +* Use Entities to include files for new chapters in Bugzilla-Guide.xml. * Try to use Entities for frequently-used passages of text as well. * Ensure all documents compile cleanly to HTML after modification. -The warning, "DTDDECL catalog types not supported" is normal. + The warning, "DTDDECL catalog types not supported" is normal. * Try to index important terms wherever possible. * Use "glossterm" whenever you introduce a new term. -* Follow coding standards at http://www.linuxdoc.org, and -check out the KDE guidelines (they are nice, too) -http://i18n.kde.org/doc/markup.html -* All tags should be lowercase (needsfix) +* Follow coding standards at http://www.tldp.org, and + check out the KDE guidelines (they are nice, too) + http://i18n.kde.org/doc/markup.html +* All tags should be lowercase. * Please use sensible spacing. The comments at the very end of each -file define reasonable defaults for PSGML mode in EMACS. -Double-indent tags, use double spacing whenever possible, and -try to avoid clutter and feel free to waste space in the code to make it more readable. + file define reasonable defaults for PSGML mode in EMACS. +* Double-indent tags, use double spacing whenever possible, and + try to avoid clutter and feel free to waste space in the code to make it + more readable. --> @@ -58,35 +96,31 @@ try to avoid clutter and feel free to waste space in the code to make it more re <!-- Header --> <bookinfo> - <title>The Bugzilla Guide</title> + <title>The Bugzilla Guide - &bz-ver; + <![%bz-devel;[Development ]]>Release</title> <authorgroup> - - <author> - <firstname>Matthew</firstname> - <othername>P.</othername> - <surname>Barnson</surname> - <affiliation> - <address><email>mbarnson@sisna.com</email></address> - </affiliation> - </author> + <corpauthor>The Bugzilla Team</corpauthor> </authorgroup> + <pubdate>&bz-date;</pubdate> + <abstract> <para> - This is the documentation for Bugzilla, the mozilla.org - bug-tracking system. - Bugzilla is an enterprise-class piece of software - that powers issue-tracking for hundreds of - organizations around the world, tracking millions of bugs. + This is the documentation for Bugzilla, a + bug-tracking system from mozilla.org. + Bugzilla is an enterprise-class piece of software + that tracks millions of bugs and issues for hundreds of + organizations around the world. </para> + <para> - This documentation is maintained in DocBook 4.1.2 XML format. - Changes are best submitted as plain text or SGML diffs, attached - to a Bugzilla bug. + The most current version of this document can always be found on the + <ulink url="http://www.bugzilla.org/documentation.html">Bugzilla + Documentation Page</ulink>. </para> - </abstract> + </abstract> <keywordset> <keyword>Bugzilla</keyword> @@ -104,34 +138,31 @@ try to avoid clutter and feel free to waste space in the code to make it more re <!-- About This Guide --> &about; -<!-- Using Bugzilla --> -&using; - <!-- Installing Bugzilla --> &installation; <!-- Administering Bugzilla --> &administration; -<!-- Integrating Bugzilla with Third-Party Tools --> -&integration; +<!-- Securing Bugzilla --> +&security; + +<!-- Customizing Bugzilla --> +&customization; -<!-- Major Bugzilla Variants --> -&variants; +<!-- Using Bugzilla --> +&using; <!-- Appendix: The Frequently Asked Questions --> &faq; -<!-- Appendix: Required Bugzilla Software Links --> -&requiredsoftware; - -<!-- Appendix: The Database Schema --> -&database; - <!-- Appendix: Custom Patches --> &patches; -<!-- Appendix: The GNU Free Documentation License --> +<!-- Appendix: Manually Installing Perl Modules --> +&modules; + +<!-- Appendix: GNU Free Documentation License --> &gfdl; <!-- Glossary --> @@ -158,8 +189,8 @@ sgml-local-ecat-files:nil sgml-minimize-attributes:nil sgml-namecase-general:t sgml-omittag:t -sgml-parent-document:("Bugzilla-Guide.sgml" "book" "chapter") +sgml-parent-document:("Bugzilla-Guide.xml" "book" "chapter") sgml-shorttag:t sgml-tag-region-if-active:t End: ---> +-->
\ No newline at end of file diff --git a/docs/en/xml/glossary.xml b/docs/en/xml/glossary.xml index 3e40df58a..08ad45524 100644 --- a/docs/en/xml/glossary.xml +++ b/docs/en/xml/glossary.xml @@ -3,7 +3,7 @@ <glossdiv> <title>0-9, high ascii</title> - <glossentry> + <glossentry id="gloss-htaccess"> <glossterm>.htaccess</glossterm> <glossdef> @@ -15,10 +15,7 @@ to keep secret files which would otherwise compromise your installation - e.g. the <filename>localconfig</filename> - - file contains the password to your database. If this information were - generally available, and remote access to your database turned on, - you risk corruption of your database by computer criminals or the + file contains the password to your database. curious.</para> </glossdef> </glossentry> @@ -27,23 +24,66 @@ <glossdiv id="gloss-a"> <title>A</title> - <glossentry> + <glossentry id="gloss-apache"> <glossterm>Apache</glossterm> <glossdef> <para>In this context, Apache is the web server most commonly used - for serving up - <glossterm>Bugzilla</glossterm> - + for serving up Bugzilla pages. Contrary to popular belief, the apache web server has nothing to do with the ancient and noble Native American tribe, but instead derived its name from the fact that it was <quote>a patchy</quote> - version of the original <acronym>NCSA</acronym> - world-wide-web server.</para> + + <variablelist> + <title>Useful Directives when configuring Bugzilla</title> + + <varlistentry> + <term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#addhandler">AddHandler</ulink></computeroutput></term> + <listitem> + <para>Tell Apache that it's OK to run CGI scripts.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#allowoverride">AllowOverride</ulink></computeroutput></term> + <term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#options">Options</ulink></computeroutput></term> + <listitem> + <para>These directives are used to tell Apache many things about + the directory they apply to. For Bugzilla's purposes, we need + them to allow script execution and <filename>.htaccess</filename> + overrides. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/mod_dir.html#directoryindex">DirectoryIndex</ulink></computeroutput></term> + <listitem> + <para>Used to tell Apache what files are indexes. If you can + not add <filename>index.cgi</filename> to the list of valid files, + you'll need to set <computeroutput>$index_html</computeroutput> to + 1 in <filename>localconfig</filename> so + <command>./checksetup.pl</command> will create an + <filename>index.html</filename> that redirects to + <filename>index.cgi</filename>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><computeroutput><ulink url="http://httpd.apache.org/docs-2.0/mod/core.html#scriptinterpretersource">ScriptInterpreterSource</ulink></computeroutput></term> + <listitem> + <para>Used when running Apache on windows so the shebang line + doesn't have to be changed in every Bugzilla script. + </para> + </listitem> + </varlistentry> + </variablelist> + + <para>For more information about how to configure Apache for Bugzilla, + see <xref linkend="http-apache"/>. + </para> </glossdef> </glossentry> </glossdiv> @@ -56,7 +96,7 @@ <glossdef> <para>A - <quote>Bug</quote> + <quote>bug</quote> in Bugzilla refers to an issue entered into the database which has an associated number, assignments, comments, etc. Some also refer to a @@ -71,40 +111,36 @@ <glossterm>Bug Number</glossterm> <glossdef> - <para>Each Bugzilla Bug is assigned a number that uniquely identifies - that Bug. The Bug associated with a Bug Number can be pulled up via a + <para>Each Bugzilla bug is assigned a number that uniquely identifies + that bug. The bug associated with a bug number can be pulled up via a query, or easily from the very front page by typing the number in the "Find" box.</para> </glossdef> </glossentry> - <glossentry> - <glossterm>Bug Life Cycle</glossterm> + <glossentry id="gloss-bugzilla"> + <glossterm>Bugzilla</glossterm> <glossdef> - <para>A Bug has stages through which it must pass before becoming a - <quote>closed bug</quote>, - including acceptance, resolution, and verification. The - <quote>Bug Life Cycle</quote> - - is moderately flexible according to the needs of the organization - using it, though.</para> + <para>Bugzilla is the world-leading free software bug tracking system. + </para> </glossdef> </glossentry> + </glossdiv> - <glossentry> - <glossterm>Bugzilla</glossterm> + <glossdiv id="gloss-c"> + <title>C</title> + <glossentry id="gloss-cgi"> + <glossterm>Common Gateway Interface</glossterm> + <acronym>CGI</acronym> <glossdef> - <para>Bugzilla is the industry-standard bug tracking system. It is - quite popular among Open Source enthusiasts.</para> + <para><acronym>CGI</acronym> is an acronym for Common Gateway Interface. This is + a standard for interfacing an external application with a web server. Bugzilla + is an example of a <acronym>CGI</acronym> application. + </para> </glossdef> </glossentry> - </glossdiv> - - <glossdiv id="gloss-c"> - <title> - </title> <glossentry id="gloss-component"> <glossterm>Component</glossterm> @@ -118,23 +154,40 @@ </glossentry> <glossentry id="gloss-cpan"> - <glossterm> - <acronym>CPAN</acronym> - </glossterm> + <glossterm>Comprehensive Perl Archive Network</glossterm> + <acronym>CPAN</acronym> + <!-- TODO: Rewrite def for CPAN --> <glossdef> <para> <acronym>CPAN</acronym> stands for the - <quote>Comprehensive Perl Archive Network</quote> - - . CPAN maintains a large number of extremely useful + <quote>Comprehensive Perl Archive Network</quote>. + CPAN maintains a large number of extremely useful <glossterm>Perl</glossterm> + modules - encapsulated chunks of code for performing a + particular task.</para> + </glossdef> + </glossentry> + + <glossentry id="gloss-contrib"> + <glossterm><filename class="directory">contrib</filename></glossterm> - modules. By themselves, Perl modules generally do nothing, but when - used as part of a larger program, they provide much-needed algorithms - and functionality.</para> + <glossdef> + <para>The <filename class="directory">contrib</filename> directory is + a location to put scripts that have been contributed to Bugzilla but + are not a part of the official distribution. These scripts are written + by third parties and may be in languages other than perl. For those + that are in perl, there may be additional modules or other requirements + than those of the offical distribution. + <note> + <para>Scripts in the <filename class="directory">contrib</filename> + directory are not offically supported by the Bugzilla team and may + break in between versions. + </para> + </note> + </para> </glossdef> </glossentry> </glossdiv> @@ -142,7 +195,7 @@ <glossdiv id="gloss-d"> <title>D</title> - <glossentry> + <glossentry id="gloss-daemon"> <glossterm>daemon</glossterm> <glossdef> @@ -155,13 +208,29 @@ a web server, are generally run as daemons.</para> </glossdef> </glossentry> + + <glossentry id="gloss-dos"> + <glossterm>DOS Attack</glossterm> + + <glossdef> + <para>A DOS, or Denial of Service attack, is when a user attempts to + deny access to a web server by repeatadly accessing a page or sending + malformed requests to a webserver. This can be effectively prevented + by using <filename>mod_throttle</filename> as described in + <xref linkend="security-webserver-mod-throttle"/>. A D-DOS, or + Distributed Denial of Service attack, is when these requests come + from multiple sources at the same time. Unfortunately, these are much + more difficult to defend against. + </para> + </glossdef> + </glossentry> + </glossdiv> <glossdiv id="gloss-g"> - <title> - </title> + <title>G</title> - <glossentry> + <glossentry id="gloss-groups"> <glossterm>Groups</glossterm> <glossdef> @@ -169,29 +238,24 @@ <quote>Groups</quote> has a very special meaning to Bugzilla. Bugzilla's main security - mechanism comes by lumping users into groups, and assigning those - groups certain privileges to + mechanism comes by placing users in groups, and assigning those + groups certain privileges to view bugs in particular <glossterm>Products</glossterm> - - and - <glossterm>Components</glossterm> - in the <glossterm>Bugzilla</glossterm> - database.</para> </glossdef> </glossentry> </glossdiv> - <glossdiv id="gloss-i"> - <title>I</title> - - <glossentry id="gloss-infiniteloop"> - <glossterm>Infinite Loop</glossterm> + <glossdiv id="gloss-j"> + <title>J</title> + <glossentry id="gloss-javascript"> + <glossterm>JavaScript</glossterm> <glossdef> - <para>A loop of information that never ends; see recursion.</para> + <para>JavaScript is cool, we should talk about it. + </para> </glossdef> </glossentry> </glossdiv> @@ -199,17 +263,56 @@ <glossdiv id="gloss-m"> <title>M</title> - <glossentry> - <glossterm>mysqld</glossterm> + <glossentry id="gloss-mta"> + <glossterm>Message Transport Agent</glossterm> + <acronym>MTA</acronym> <glossdef> - <para>mysqld is the name of the - <glossterm>daemon</glossterm> + <para>A Message Transport Agent is used to control the flow of email + on a system. Many unix based systems use + <ulink url="http://www.sendmail.org">sendmail</ulink> which is what + Bugzilla expects to find by default at <filename>/usr/sbin/sendmail</filename>. + Many other MTA's will work, but they all require that the + <option>sendmailnow</option> param be set to <literal>on</literal>. + </para> + </glossdef> + </glossentry> - for the MySQL database. In general, it is invoked automatically - through the use of the System V init scripts on GNU/Linux and - AT&T System V-based systems, such as Solaris and HP/UX, or - through the RC scripts on BSD-based systems.</para> + <glossentry id="gloss-mysql"> + <glossterm>MySQL</glossterm> + + <glossdef> + <para>MySQL is currently the required + <glossterm linkend="gloss-rdbms">RDBMS</glossterm> for Bugzilla. MySQL + can be downloaded from <ulink url="http://www.mysql.com"/>. While you + should familiarize yourself with all of the documentation, some high + points are: + </para> + <variablelist> + <varlistentry> + <term><ulink url="http://www.mysql.com/doc/en/Backup.html">Backup</ulink></term> + <listitem> + <para>Methods for backing up your Bugzilla database. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><ulink url="http://www.mysql.com/doc/en/Option_files.html">Option Files</ulink></term> + <listitem> + <para>Information about how to configure MySQL using + <filename>my.cnf</filename>. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><ulink url="http://www.mysql.com/doc/en/Privilege_system.html">Privilege System</ulink></term> + <listitem> + <para>Much more detailed information about the suggestions in + <xref linkend="security-mysql"/>. + </para> + </listitem> + </varlistentry> + </variablelist> </glossdef> </glossentry> </glossdiv> @@ -217,14 +320,25 @@ <glossdiv id="gloss-p"> <title>P</title> + <glossentry id="gloss-ppm"> + <glossterm>Perl Package Manager</glossterm> + <acronym>PPM</acronym> + + <glossdef> + <para><ulink url="http://aspn.activestate.com/ASPN/Downloads/ActivePerl/PPM/"/> + </para> + </glossdef> + </glossentry> + <glossentry> <glossterm id="gloss-product">Product</glossterm> <glossdef> - <para>A Product is a broad category of types of bugs. In general, - there are several Components to a Product. A Product may also define a + <para>A Product is a broad category of types of bugs, normally + representing a single piece of software or entity. In general, + there are several Components to a Product. A Product may define a group (used for security) for all bugs entered into - components beneath it.</para> + its Components.</para> </glossdef> </glossentry> @@ -262,7 +376,7 @@ bugs over their life cycle, thus the need for the <quote>QA Contact</quote> - field in a Bug.</para> + field in a bug.</para> </glossdef> </glossentry> </glossdiv> @@ -270,16 +384,25 @@ <glossdiv id="gloss-r"> <title>R</title> - <glossentry id="gloss-recursion" xreflabel="Recursion"> - <glossterm>Recursion</glossterm> + <glossentry id="gloss-rdbms"> + <glossterm>Relational DataBase Managment System</glossterm> + <acronym>RDBMS</acronym> <glossdef> - <para>The property of a function looking back at itself for - something. - <quote>GNU</quote>, for instance, stands for - <quote>GNU's Not UNIX</quote>, - thus recursing upon itself for definition. For further clarity, see - Infinite Loop.</para> + <para>A relational database management system is a database system + that stores information in tables that are related to each other. + </para> + </glossdef> + </glossentry> + + <glossentry id="gloss-regexp"> + <glossterm>Regular Expression</glossterm> + <acronym>regexp</acronym> + + <glossdef> + <para>A regular expression is an expression used for pattern matching. + <ulink url="http://perldoc.com/perl5.6/pod/perlre.html#Regular-Expressions">Documentation</ulink> + </para> </glossdef> </glossentry> </glossdiv> @@ -287,6 +410,19 @@ <glossdiv id="gloss-s"> <title>S</title> + <glossentry id="gloss-service"> + <glossterm>Service</glossterm> + + <glossdef> + <para>In Windows NT environment, a boot-time background application + is refered to as a service. These are generally managed through the + control pannel while logged in as an account with + <quote>Administrator</quote> level capabilities. For more + information, consult your Windows manual or the MSKB. + </para> + </glossdef> + </glossentry> + <glossentry> <glossterm> <acronym>SGML</acronym> @@ -344,18 +480,51 @@ fixed, or an enhancement will be implemented.</para> </glossdef> </glossentry> + + <glossentry id="gloss-tcl"> + <glossterm>Tool Command Language</glossterm> + <acronym>TCL</acronym> + <glossdef> + <para>TCL is an open source scripting language available for Windows, + Macintosh, and Unix based systems. Bugzilla 1.0 was written in TCL but + never released. The first release of Bugzilla was 2.0, which was when + it was ported to perl. + </para> + </glossdef> + </glossentry> </glossdiv> <glossdiv id="gloss-z"> <title>Z</title> - <glossentry id="zarro-boogs-found" xreflabel="Zarro Boogs Found"> + <glossentry id="gloss-zarro"> <glossterm>Zarro Boogs Found</glossterm> <glossdef> - <para>This is the cryptic response sent by Bugzilla when a query - returned no results. It is just a goofy way of saying "Zero Bugs - Found".</para> + <para>This is just a goofy way of saying that there were no bugs + found matching your query. When asked to explain this message, + Terry had the following to say: + </para> + + <blockquote> + <attribution>Terry Weissman</attribution> + <para>I've been asked to explain this ... way back when, when + Netscape released version 4.0 of its browser, we had a release + party. Naturally, there had been a big push to try and fix every + known bug before the release. Naturally, that hadn't actually + happened. (This is not unique to Netscape or to 4.0; the same thing + has happened with every software project I've ever seen.) Anyway, + at the release party, T-shirts were handed out that said something + like "Netscape 4.0: Zarro Boogs". Just like the software, the + T-shirt had no known bugs. Uh-huh. + </para> + + <para>So, when you query for a list of bugs, and it gets no results, + you can think of this as a friendly reminder. Of *course* there are + bugs matching your query, they just aren't in the bugsystem yet... + </para> + </blockquote> + </glossdef> </glossentry> </glossdiv> @@ -376,9 +545,8 @@ sgml-local-ecat-files:nil sgml-minimize-attributes:nil sgml-namecase-general:t sgml-omittag:t -sgml-parent-document:("Bugzilla-Guide.sgml" "book" "chapter") +sgml-parent-document:("Bugzilla-Guide.xml" "book" "chapter") sgml-shorttag:t sgml-tag-region-if-active:t End: --> - diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index 09586d326..ab7600432 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1,5 +1,5 @@ <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> --> -<!-- $Id: installation.xml,v 1.81 2008/04/04 06:47:11 jocuri%softhome.net Exp $ --> +<!-- $Id: installation.xml,v 1.82 2008/04/04 06:47:12 jake%bugzilla.org Exp $ --> <chapter id="installing-bugzilla"> <title>Installing Bugzilla</title> @@ -520,7 +520,8 @@ <para>Poorly-configured MySQL and Bugzilla installations have given attackers full access to systems in the past. Please take the security parts of these guidelines seriously, even for Bugzilla - machines hidden away behind your firewall.</para> + machines hidden away behind your firewall. Be certain to read + <xref linkend="security"/> for some important security tips.</para> </warning> <section id="localconfig"> @@ -560,70 +561,13 @@ <section id="mysql"> <title>MySQL</title> - <section id="security-mysql"> - <title>Security</title> - - <para>MySQL ships as insecure by default. - It allows anybody to on the local machine full administrative - capabilities without requiring a password; the special - MySQL root account (note: this is <emphasis>not</emphasis> the same as - the system root) also has no password. - Also, many installations default to running - <application>mysqld</application> as the system root. + <caution> + <para>MySQL's default configuration is very insecure. + <xref linkend="security-mysql"/> has some good information for + improving your installation's security. </para> - - <orderedlist> - <listitem> - <para>To disable the anonymous user account - and set a password for the root user, execute the following. The - root user password should be different to the bugs user password - you set in - <filename>localconfig</filename> in the previous section, - and also different to - the password for the system root account on your machine. - </para> - <screen> <prompt>bash$</prompt> mysql mysql - <prompt>mysql></prompt> DELETE FROM user WHERE user = ''; - <prompt>mysql></prompt> UPDATE user SET password = password('<replaceable>new_password</replaceable>') WHERE user = 'root'; - <prompt>mysql></prompt> FLUSH PRIVILEGES;</screen> - - <para>From this point forward, to run the - <filename>mysql</filename> command-line client, - you will need to type - <command>mysql -u root -p</command> and enter - <replaceable>new_password</replaceable> when prompted. - </para> - </listitem> - - <listitem> - <para>If you run MySQL on the same machine as your web server, you - should disable remote access to MySQL by adding - the following to your <filename>/etc/my.cnf</filename>: - </para> - <programlisting> [myslqd] - # Prevent network access to MySQL. - skip-networking</programlisting> - </listitem> - - <listitem> - <para>Consult the documentation that came with your system for - information on making <application>mysqld</application> run as an - unprivileged user. - </para> - </listitem> - - <listitem> - <para>For added security, you could also run MySQL, or even all - of Bugzilla - in a chroot jail; however, instructions for doing that are beyond - the scope of this document. - </para> - </listitem> - - </orderedlist> - - </section> - + </caution> + <section id="install-setupdatabase"> <title>Allow large attachments</title> @@ -765,7 +709,10 @@ <section id="http"> <title>Web server</title> <para>Configure your web server according to the instructions in the - appropriate section. The Bugzilla Team recommends Apache. + appropriate section. The Bugzilla Team recommends Apache. No matter + what webserver you choose, make sure that sensitive information is + not remotely available by ensuring that the access controls in + <xref linkend="security-webserver-access"/> are properly applied. </para> <section id="http-apache"> @@ -825,7 +772,7 @@ <para>Also, and this can't be stressed enough, make sure that files such as <filename>localconfig</filename> and your <filename class="directory">data</filename> - directory are secured as described in <xref linkend="security-access"/>. + directory are secured as described in <xref linkend="security-webserver-access"/>. </para> </section> @@ -893,137 +840,6 @@ </note> </section> - <section id="security-access"> - <title>Web Server Access Controls</title> - - <para>Users of Apache can skip this section because - Bugzilla ships with <filename>.htaccess</filename> files which - restrict access in the manner required. - Users of other webservers, read on. - </para> - - <para>There are several files in the Bugzilla directory - that should not be accessible from the web. You need to configure - your webserver so they they aren't. Not doing this may reveal - sensitive information such as database passwords. - </para> - - <itemizedlist spacing="compact"> - <listitem> - <para>In the main Bugzilla directory, you should:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block: - <simplelist type="inline"> - <member><filename>*.pl</filename></member> - <member><filename>*localconfig*</filename></member> - <member><filename>runtests.sh</filename></member> - </simplelist> - </para> - </listitem> - <listitem> - <para>But allow: - <simplelist type="inline"> - <member><filename>localconfig.js</filename></member> - <member><filename>localconfig.rdf</filename></member> - </simplelist> - </para> - </listitem> - </itemizedlist> - </listitem> - - <listitem> - <para>In <filename class="directory">data</filename>:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - <listitem> - <para>But allow: - <simplelist type="inline"> - <member><filename>duplicates.rdf</filename></member> - </simplelist> - </para> - </listitem> - </itemizedlist> - </listitem> - - <listitem> - <para>In <filename class="directory">data/webdot</filename>:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>If you use a remote webdot server:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - <listitem> - <para>But allow - <simplelist type="inline"> - <member><filename>*.dot</filename></member> - </simplelist> - only for the remote webdot server</para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para>Otherwise, if you use a local GraphViz:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - <listitem> - <para>But allow: - <simplelist type="inline"> - <member><filename>*.png</filename></member> - <member><filename>*.gif</filename></member> - <member><filename>*.jpg</filename></member> - <member><filename>*.map</filename></member> - </simplelist> - </para> - </listitem> - </itemizedlist> - </listitem> - <listitem> - <para>And if you don't use any dot:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - </listitem> - - <listitem> - <para>In <filename class="directory">Bugzilla</filename>:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - </itemizedlist> - </listitem> - - <listitem> - <para>In <filename class="directory">template</filename>:</para> - <itemizedlist spacing="compact"> - <listitem> - <para>Block everything</para> - </listitem> - </itemizedlist> - </listitem> - </itemizedlist> - - <para>You should test to make sure that the files mentioned above are - not accessible from the Internet, especially your - <filename>localconfig</filename> file which contains your database - password. To test, simply point your web browser at the file; for - example, to test mozilla.org's installation, we'd try to access - <ulink url="http://bugzilla.mozilla.org/localconfig"/>. You should - get a <errorcode>403</errorcode> <errorname>Forbidden</errorname> - error. - </para> - </section> </section> @@ -1310,75 +1126,6 @@ </section> - <section id="content-type"> - - <title>Prevent users injecting malicious - Javascript</title> - - <para>It is possible for a Bugzilla user to take advantage of character - set encoding ambiguities to inject HTML into Bugzilla comments. This - could include malicious scripts. - Due to internationalization concerns, we are unable to - incorporate by default the code changes suggested by - <ulink - url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3"> - the CERT advisory</ulink> on this issue. - If your installation is for an English speaking audience only, making the - change below will prevent this problem. - </para> - - <para>Simply locate the following line in - <filename>Bugzilla/CGI.pm</filename>: - <programlisting>$self->charset('');</programlisting> - and change it to: - <programlisting>$self->charset('ISO-8859-1');</programlisting> - </para> - </section> - - <section id="mod-throttle" - xreflabel="Using mod_throttle to prevent Denial of Service attacks"> - <title> - <filename>mod_throttle</filename></title> - - <para>It is possible for a user, by mistake or on purpose, to access - the database many times in a row which can result in very slow access - speeds for other users. If your Bugzilla installation is experiencing - this problem, you may install the Apache module - <filename>mod_throttle</filename> - which can limit connections by IP address. You may download this module - at - <ulink url="http://www.snert.com/Software/mod_throttle/"/>. - Follow the instructions to install into your Apache install. - <emphasis>This module only functions with the Apache web - server!</emphasis> - The command you need is - <command>ThrottleClientIP</command>. See the - <ulink url="http://www.snert.com/Software/mod_throttle/">documentation</ulink> - for more information.</para> - </section> - - <section id="security-networking"> - <title>TCP/IP Ports</title> - - <para>A single-box Bugzilla only requires port 80, plus port 25 if - you are using the optional email interface. You should firewall all - other ports and/or disable services listening on them. - </para> - </section> - - <section id="security-daemon"> - <title>Daemon Accounts</title> - - <para>Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either <quote>root</quote> or <quote>nobody</quote>. Running - as <quote>root</quote> introduces obvious security problems, but the - problems introduced by running everything as <quote>nobody</quote> may - not be so obvious. Basically, if you're running every daemon as - <quote>nobody</quote> and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. - </para> - </section> <section id="apache-addtype"> <title>Serving Alternate Formats with the right MIME type</title> @@ -1532,7 +1279,7 @@ $smtp->quit; <para>As is the case on Unix based systems, any web server should be able to handle Bugzilla; however, the Bugzilla Team still recommends Apache whenever asked. No matter what web server you choose, be sure - to pay attention to the security notes in <xref linkend="security-access"/>. + to pay attention to the security notes in <xref linkend="security-webserver-access"/>. More information on configuring specific web servers can be found in <xref linkend="http"/>. </para> @@ -2205,4 +1952,3 @@ sgml-shorttag:t sgml-tag-region-if-active:t End: --> - |