summaryrefslogtreecommitdiffstats
path: root/docs/html/security.html
diff options
context:
space:
mode:
authorbarnboy%trilobyte.net <>2001-04-25 16:38:17 +0200
committerbarnboy%trilobyte.net <>2001-04-25 16:38:17 +0200
commit5d71f7bcd2f55a2b0de4f360a9d22df6b636b598 (patch)
treeb4a893bf848f362b55e34bbb6cee9e00942aa165 /docs/html/security.html
parent2d4d7c92bfb4ce18e4413b1e66f30bd62a44e6ff (diff)
downloadbugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.gz
bugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.xz
Fix for confusing language regarding protection of data/ & shadow/ directories
and localconfig file.
Diffstat (limited to 'docs/html/security.html')
-rw-r--r--docs/html/security.html9
1 files changed, 6 insertions, 3 deletions
diff --git a/docs/html/security.html b/docs/html/security.html
index 7c45ea1f9..220559a72 100644
--- a/docs/html/security.html
+++ b/docs/html/security.html
@@ -172,11 +172,14 @@ TARGET="_top"
></LI
><LI
><P
-> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
- and $BUGZILLA_HOME/shadow directories.
+> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
+ of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
+ these directories and this file, you will expose bug information to those who may not
+ be allowed to see it.
</P
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined