diff options
author | gerv%gerv.net <> | 2002-05-09 06:16:36 +0200 |
---|---|---|
committer | gerv%gerv.net <> | 2002-05-09 06:16:36 +0200 |
commit | 78e1dc6bd8beed4e3884875ae8a4f96753dab9cf (patch) | |
tree | d75ce3ff9bfbcfb008c0ce75eb514acb09eddb9b /docs/sgml/administration.sgml | |
parent | b23550bf70319f5c051acedadd35d8ce30a43363 (diff) | |
download | bugzilla-78e1dc6bd8beed4e3884875ae8a4f96753dab9cf.tar.gz bugzilla-78e1dc6bd8beed4e3884875ae8a4f96753dab9cf.tar.xz |
The first installment of Gerv's spanking of the Bugzilla Guide. This is a work-in-progress.
Diffstat (limited to 'docs/sgml/administration.sgml')
-rw-r--r-- | docs/sgml/administration.sgml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/sgml/administration.sgml b/docs/sgml/administration.sgml index 8794a0e2c..6789ca071 100644 --- a/docs/sgml/administration.sgml +++ b/docs/sgml/administration.sgml @@ -1373,12 +1373,14 @@ Group3, since he isn't in Group4. make certain files world readable and/or writable. <emphasis>THIS IS INSECURE!</emphasis>. This means that anyone who can get access to your system can do whatever they want to your Bugzilla installation. - <note> + </para> + <note> + <para> This also means that if your webserver runs all cgi scripts as the same user/group, anyone on the system who can run cgi scripts will be able to take control of your Bugzilla installation. - </note> - </para> + </para> + </note> <para> On Apache, you can use .htaccess files to protect access to these directories, as outlined in <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=57161">Bug 57161</ulink> for the localconfig file, and <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=65572"> Bug 65572</ulink> for adequate protection in your data/ and shadow/ directories. |