Fix for confusing language regarding protection of data/ & shadow/ directories

and localconfig file.
author: barnboy%trilobyte.net <> 2001-04-25 16:38:17 +0200
committer: barnboy%trilobyte.net <> 2001-04-25 16:38:17 +0200
commit: 5d71f7bcd2f55a2b0de4f360a9d22df6b636b598 (patch)
tree: b4a893bf848f362b55e34bbb6cee9e00942aa165 /docs
parent: 2d4d7c92bfb4ce18e4413b1e66f30bd62a44e6ff (diff)
download: bugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.gz
bugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.xz
5 files changed, 34 insertions, 17 deletions
diff --git a/docs/html/Bugzilla-Guide.html b/docs/html/Bugzilla-Guide.html
index 76c9b8dc3..0712a5146 100644
--- a/docs/html/Bugzilla-Guide.html
+++ b/docs/html/Bugzilla-Guide.html
@@ -5336,11 +5336,14 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
-	    and $BUGZILLA_HOME/shadow directories.
+>	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </P
 ><P
 >	    On Apache, you can use .htaccess files to protect access to these directories, as outlined
diff --git a/docs/html/security.html b/docs/html/security.html
index 7c45ea1f9..220559a72 100644
--- a/docs/html/security.html
+++ b/docs/html/security.html
@@ -172,11 +172,14 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
-	    and $BUGZILLA_HOME/shadow directories.
+>	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </P
 ><P
 >	    On Apache, you can use .htaccess files to protect access to these directories, as outlined
diff --git a/docs/sgml/administration.sgml b/docs/sgml/administration.sgml
index c52cacebf..a35ba047d 100644
--- a/docs/sgml/administration.sgml
+++ b/docs/sgml/administration.sgml
@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
 	</LISTITEM>
 	<LISTITEM>
 	  <PARA>
-	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
-	    and $BUGZILLA_HOME/shadow directories.
+	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </PARA>
 	  <PARA>
 	    On Apache, you can use .htaccess files to protect access to these directories, as outlined
diff --git a/docs/txt/Bugzilla-Guide.txt b/docs/txt/Bugzilla-Guide.txt
index 88c6fd5ac..b31a112e6 100644
--- a/docs/txt/Bugzilla-Guide.txt
+++ b/docs/txt/Bugzilla-Guide.txt
@@ -1787,11 +1787,16 @@ Chapter 3. Administering Bugzilla
     4. Do not run Apache as "nobody". This will require very lax
        permissions in your Bugzilla directories. Run it, instead, as a
        user with a name, set via your httpd.conf file.
-    5. Ensure you have adequate access controls for $BUGZILLA_HOME/data/,
-       $BUGZILLA_HOME/localconfig, and $BUGZILLA_HOME/shadow directories.
-       The localconfig file stores your "bugs" user password, which would
-       be terrible to have in the hands of a criminal. Also some files
-       under $BUGZILLA_HOME/data store sensitive information.
+    5. Ensure you have adequate access controls for the
+       $BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
+       well as the $BUGZILLA_HOME/localconfig file. The localconfig file
+       stores your "bugs" user password, which would be terrible to have
+       in the hands of a criminal. Also some files under
+       $BUGZILLA_HOME/data/ store sensitive information, and
+       $BUGZILLA_HOME/shadow/ stores bug information for faster
+       retrieval. If you fail to secure these directories and this file,
+       you will expose bug information to those who may not be allowed to
+       see it.
        On Apache, you can use .htaccess files to protect access to these
        directories, as outlined in Bug 57161 for the localconfig file,
        and Bug 65572 for adequate protection in your data/ and shadow/
diff --git a/docs/xml/administration.xml b/docs/xml/administration.xml
index c52cacebf..a35ba047d 100644
--- a/docs/xml/administration.xml
+++ b/docs/xml/administration.xml
@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
 	</LISTITEM>
 	<LISTITEM>
 	  <PARA>
-	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
-	    and $BUGZILLA_HOME/shadow directories.
+	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </PARA>
 	  <PARA>
 	    On Apache, you can use .htaccess files to protect access to these directories, as outlined
author	barnboy%trilobyte.net <>	2001-04-25 16:38:17 +0200
committer	barnboy%trilobyte.net <>	2001-04-25 16:38:17 +0200
commit	5d71f7bcd2f55a2b0de4f360a9d22df6b636b598 (patch)
tree	b4a893bf848f362b55e34bbb6cee9e00942aa165 /docs
parent	2d4d7c92bfb4ce18e4413b1e66f30bd62a44e6ff (diff)
download	bugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.gz bugzilla-5d71f7bcd2f55a2b0de4f360a9d22df6b636b598.tar.xz