summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorjake%bugzilla.org <>2004-12-02 13:21:27 +0100
committerjake%bugzilla.org <>2004-12-02 13:21:27 +0100
commitd8070af6b6a6ede39a318965f1c1303768e2a9db (patch)
treefe0201127f00d0b2bd1fd1c1af7c3ed75a5e3cb0 /docs
parent5a2b693c8cfcdb188eeaff860094d073149c3603 (diff)
downloadbugzilla-d8070af6b6a6ede39a318965f1c1303768e2a9db.tar.gz
bugzilla-d8070af6b6a6ede39a318965f1c1303768e2a9db.tar.xz
Reinstate the seperate security section as a chapter.
Diffstat (limited to 'docs')
-rw-r--r--docs/xml/Bugzilla-Guide.xml7
-rw-r--r--docs/xml/glossary.xml35
-rw-r--r--docs/xml/installation.xml284
-rw-r--r--docs/xml/security.xml411
4 files changed, 464 insertions, 273 deletions
diff --git a/docs/xml/Bugzilla-Guide.xml b/docs/xml/Bugzilla-Guide.xml
index 142b03d37..d12f6a817 100644
--- a/docs/xml/Bugzilla-Guide.xml
+++ b/docs/xml/Bugzilla-Guide.xml
@@ -9,6 +9,7 @@
<!ENTITY glossary SYSTEM "glossary.xml">
<!ENTITY installation SYSTEM "installation.xml">
<!ENTITY administration SYSTEM "administration.xml">
+<!ENTITY security SYSTEM "security.xml">
<!ENTITY using SYSTEM "using.xml">
<!ENTITY integration SYSTEM "integration.xml">
<!ENTITY index SYSTEM "index.xml">
@@ -34,6 +35,7 @@
<!ENTITY bz-nextver "2.20">
<!ENTITY bz-date "2004-10-24">
<!ENTITY % bz-devel "INCLUDE">
+<!ENTITY current-year "2004">
<!ENTITY landfillbase "http://landfill.bugzilla.org/bugzilla-tip/">
<!ENTITY bz "http://www.bugzilla.org/">
@@ -142,6 +144,9 @@
<!-- Administering Bugzilla -->
&administration;
+<!-- Securing Bugzilla -->
+&security;
+
<!-- Customizing Bugzilla -->
&customization;
@@ -188,4 +193,4 @@ sgml-parent-document:("Bugzilla-Guide.xml" "book" "chapter")
sgml-shorttag:t
sgml-tag-region-if-active:t
End:
--->
+--> \ No newline at end of file
diff --git a/docs/xml/glossary.xml b/docs/xml/glossary.xml
index 3893094c0..08ad45524 100644
--- a/docs/xml/glossary.xml
+++ b/docs/xml/glossary.xml
@@ -3,7 +3,7 @@
<glossdiv>
<title>0-9, high ascii</title>
- <glossentry>
+ <glossentry id="gloss-htaccess">
<glossterm>.htaccess</glossterm>
<glossdef>
@@ -195,7 +195,7 @@
<glossdiv id="gloss-d">
<title>D</title>
- <glossentry>
+ <glossentry id="gloss-daemon">
<glossterm>daemon</glossterm>
<glossdef>
@@ -208,6 +208,23 @@
a web server, are generally run as daemons.</para>
</glossdef>
</glossentry>
+
+ <glossentry id="gloss-dos">
+ <glossterm>DOS Attack</glossterm>
+
+ <glossdef>
+ <para>A DOS, or Denial of Service attack, is when a user attempts to
+ deny access to a web server by repeatadly accessing a page or sending
+ malformed requests to a webserver. This can be effectively prevented
+ by using <filename>mod_throttle</filename> as described in
+ <xref linkend="security-webserver-mod-throttle"/>. A D-DOS, or
+ Distributed Denial of Service attack, is when these requests come
+ from multiple sources at the same time. Unfortunately, these are much
+ more difficult to defend against.
+ </para>
+ </glossdef>
+ </glossentry>
+
</glossdiv>
<glossdiv id="gloss-g">
@@ -393,6 +410,19 @@
<glossdiv id="gloss-s">
<title>S</title>
+ <glossentry id="gloss-service">
+ <glossterm>Service</glossterm>
+
+ <glossdef>
+ <para>In Windows NT environment, a boot-time background application
+ is refered to as a service. These are generally managed through the
+ control pannel while logged in as an account with
+ <quote>Administrator</quote> level capabilities. For more
+ information, consult your Windows manual or the MSKB.
+ </para>
+ </glossdef>
+ </glossentry>
+
<glossentry>
<glossterm>
<acronym>SGML</acronym>
@@ -520,4 +550,3 @@ sgml-shorttag:t
sgml-tag-region-if-active:t
End:
-->
-
diff --git a/docs/xml/installation.xml b/docs/xml/installation.xml
index 9c60535a1..0f06b4735 100644
--- a/docs/xml/installation.xml
+++ b/docs/xml/installation.xml
@@ -1,5 +1,5 @@
<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: installation.xml,v 1.81 2004/11/25 08:50:59 jocuri%softhome.net Exp $ -->
+<!-- $Id: installation.xml,v 1.82 2004/12/02 04:21:27 jake%bugzilla.org Exp $ -->
<chapter id="installing-bugzilla">
<title>Installing Bugzilla</title>
@@ -520,7 +520,8 @@
<para>Poorly-configured MySQL and Bugzilla installations have
given attackers full access to systems in the past. Please take the
security parts of these guidelines seriously, even for Bugzilla
- machines hidden away behind your firewall.</para>
+ machines hidden away behind your firewall. Be certain to read
+ <xref linkend="security"/> for some important security tips.</para>
</warning>
<section id="localconfig">
@@ -560,70 +561,13 @@
<section id="mysql">
<title>MySQL</title>
- <section id="security-mysql">
- <title>Security</title>
-
- <para>MySQL ships as insecure by default.
- It allows anybody to on the local machine full administrative
- capabilities without requiring a password; the special
- MySQL root account (note: this is <emphasis>not</emphasis> the same as
- the system root) also has no password.
- Also, many installations default to running
- <application>mysqld</application> as the system root.
+ <caution>
+ <para>MySQL's default configuration is very insecure.
+ <xref linkend="security-mysql"/> has some good information for
+ improving your installation's security.
</para>
-
- <orderedlist>
- <listitem>
- <para>To disable the anonymous user account
- and set a password for the root user, execute the following. The
- root user password should be different to the bugs user password
- you set in
- <filename>localconfig</filename> in the previous section,
- and also different to
- the password for the system root account on your machine.
- </para>
- <screen> <prompt>bash$</prompt> mysql mysql
- <prompt>mysql&gt;</prompt> DELETE FROM user WHERE user = '';
- <prompt>mysql&gt;</prompt> UPDATE user SET password = password('<replaceable>new_password</replaceable>') WHERE user = 'root';
- <prompt>mysql&gt;</prompt> FLUSH PRIVILEGES;</screen>
-
- <para>From this point forward, to run the
- <filename>mysql</filename> command-line client,
- you will need to type
- <command>mysql -u root -p</command> and enter
- <replaceable>new_password</replaceable> when prompted.
- </para>
- </listitem>
-
- <listitem>
- <para>If you run MySQL on the same machine as your web server, you
- should disable remote access to MySQL by adding
- the following to your <filename>/etc/my.cnf</filename>:
- </para>
- <programlisting> [myslqd]
- # Prevent network access to MySQL.
- skip-networking</programlisting>
- </listitem>
-
- <listitem>
- <para>Consult the documentation that came with your system for
- information on making <application>mysqld</application> run as an
- unprivileged user.
- </para>
- </listitem>
-
- <listitem>
- <para>For added security, you could also run MySQL, or even all
- of Bugzilla
- in a chroot jail; however, instructions for doing that are beyond
- the scope of this document.
- </para>
- </listitem>
-
- </orderedlist>
-
- </section>
-
+ </caution>
+
<section id="install-setupdatabase">
<title>Allow large attachments</title>
@@ -765,7 +709,10 @@
<section id="http">
<title>Web server</title>
<para>Configure your web server according to the instructions in the
- appropriate section. The Bugzilla Team recommends Apache.
+ appropriate section. The Bugzilla Team recommends Apache. No matter
+ what webserver you choose, make sure that sensitive information is
+ not remotely available by ensuring that the access controls in
+ <xref linkend="security-webserver-access"/> are properly applied.
</para>
<section id="http-apache">
@@ -825,7 +772,7 @@
<para>Also, and this can't be stressed enough, make sure that files such as
<filename>localconfig</filename> and your <filename class="directory">data</filename>
- directory are secured as described in <xref linkend="security-access"/>.
+ directory are secured as described in <xref linkend="security-webserver-access"/>.
</para>
</section>
@@ -893,137 +840,6 @@
</note>
</section>
- <section id="security-access">
- <title>Web Server Access Controls</title>
-
- <para>Users of Apache can skip this section because
- Bugzilla ships with <filename>.htaccess</filename> files which
- restrict access in the manner required.
- Users of other webservers, read on.
- </para>
-
- <para>There are several files in the Bugzilla directory
- that should not be accessible from the web. You need to configure
- your webserver so they they aren't. Not doing this may reveal
- sensitive information such as database passwords.
- </para>
-
- <itemizedlist spacing="compact">
- <listitem>
- <para>In the main Bugzilla directory, you should:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block:
- <simplelist type="inline">
- <member><filename>*.pl</filename></member>
- <member><filename>*localconfig*</filename></member>
- <member><filename>runtests.sh</filename></member>
- </simplelist>
- </para>
- </listitem>
- <listitem>
- <para>But allow:
- <simplelist type="inline">
- <member><filename>localconfig.js</filename></member>
- <member><filename>localconfig.rdf</filename></member>
- </simplelist>
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
-
- <listitem>
- <para>In <filename class="directory">data</filename>:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- <listitem>
- <para>But allow:
- <simplelist type="inline">
- <member><filename>duplicates.rdf</filename></member>
- </simplelist>
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
-
- <listitem>
- <para>In <filename class="directory">data/webdot</filename>:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>If you use a remote webdot server:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- <listitem>
- <para>But allow
- <simplelist type="inline">
- <member><filename>*.dot</filename></member>
- </simplelist>
- only for the remote webdot server</para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>Otherwise, if you use a local GraphViz:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- <listitem>
- <para>But allow:
- <simplelist type="inline">
- <member><filename>*.png</filename></member>
- <member><filename>*.gif</filename></member>
- <member><filename>*.jpg</filename></member>
- <member><filename>*.map</filename></member>
- </simplelist>
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>And if you don't use any dot:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- </itemizedlist>
- </listitem>
- </itemizedlist>
- </listitem>
-
- <listitem>
- <para>In <filename class="directory">Bugzilla</filename>:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- </itemizedlist>
- </listitem>
-
- <listitem>
- <para>In <filename class="directory">template</filename>:</para>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Block everything</para>
- </listitem>
- </itemizedlist>
- </listitem>
- </itemizedlist>
-
- <para>You should test to make sure that the files mentioned above are
- not accessible from the Internet, especially your
- <filename>localconfig</filename> file which contains your database
- password. To test, simply point your web browser at the file; for
- example, to test mozilla.org's installation, we'd try to access
- <ulink url="http://bugzilla.mozilla.org/localconfig"/>. You should
- get a <errorcode>403</errorcode> <errorname>Forbidden</errorname>
- error.
- </para>
- </section>
</section>
@@ -1310,75 +1126,6 @@
</section>
- <section id="content-type">
-
- <title>Prevent users injecting malicious
- Javascript</title>
-
- <para>It is possible for a Bugzilla user to take advantage of character
- set encoding ambiguities to inject HTML into Bugzilla comments. This
- could include malicious scripts.
- Due to internationalization concerns, we are unable to
- incorporate by default the code changes suggested by
- <ulink
- url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3">
- the CERT advisory</ulink> on this issue.
- If your installation is for an English speaking audience only, making the
- change below will prevent this problem.
- </para>
-
- <para>Simply locate the following line in
- <filename>Bugzilla/CGI.pm</filename>:
- <programlisting>$self->charset('');</programlisting>
- and change it to:
- <programlisting>$self->charset('ISO-8859-1');</programlisting>
- </para>
- </section>
-
- <section id="mod-throttle"
- xreflabel="Using mod_throttle to prevent Denial of Service attacks">
- <title>
- <filename>mod_throttle</filename></title>
-
- <para>It is possible for a user, by mistake or on purpose, to access
- the database many times in a row which can result in very slow access
- speeds for other users. If your Bugzilla installation is experiencing
- this problem, you may install the Apache module
- <filename>mod_throttle</filename>
- which can limit connections by IP address. You may download this module
- at
- <ulink url="http://www.snert.com/Software/mod_throttle/"/>.
- Follow the instructions to install into your Apache install.
- <emphasis>This module only functions with the Apache web
- server!</emphasis>
- The command you need is
- <command>ThrottleClientIP</command>. See the
- <ulink url="http://www.snert.com/Software/mod_throttle/">documentation</ulink>
- for more information.</para>
- </section>
-
- <section id="security-networking">
- <title>TCP/IP Ports</title>
-
- <para>A single-box Bugzilla only requires port 80, plus port 25 if
- you are using the optional email interface. You should firewall all
- other ports and/or disable services listening on them.
- </para>
- </section>
-
- <section id="security-daemon">
- <title>Daemon Accounts</title>
-
- <para>Many daemons, such as Apache's httpd and MySQL's mysqld default to
- running as either <quote>root</quote> or <quote>nobody</quote>. Running
- as <quote>root</quote> introduces obvious security problems, but the
- problems introduced by running everything as <quote>nobody</quote> may
- not be so obvious. Basically, if you're running every daemon as
- <quote>nobody</quote> and one of them gets compromised, they all get
- compromised. For this reason it is recommended that you create a user
- account for each daemon.
- </para>
- </section>
<section id="apache-addtype">
<title>Serving Alternate Formats with the right MIME type</title>
@@ -1532,7 +1279,7 @@ $smtp->quit;
<para>As is the case on Unix based systems, any web server should be
able to handle Bugzilla; however, the Bugzilla Team still recommends
Apache whenever asked. No matter what web server you choose, be sure
- to pay attention to the security notes in <xref linkend="security-access"/>.
+ to pay attention to the security notes in <xref linkend="security-webserver-access"/>.
More information on configuring specific web servers can be found in
<xref linkend="http"/>.
</para>
@@ -2205,4 +1952,3 @@ sgml-shorttag:t
sgml-tag-region-if-active:t
End:
-->
-
diff --git a/docs/xml/security.xml b/docs/xml/security.xml
new file mode 100644
index 000000000..de859e6b5
--- /dev/null
+++ b/docs/xml/security.xml
@@ -0,0 +1,411 @@
+<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
+<!-- $Id: security.xml,v 1.1 2004/12/02 04:21:27 jake%bugzilla.org Exp $ -->
+
+<chapter id="security">
+<title>Bugzilla Security</title>
+
+ <para>While some of the items in this chapter are related to the operating
+ system Bugzilla is running on or some of the support software required to
+ run Bugzilla, it is all related to protecting your data. This is not
+ intended to be a comprehensive guide to securing Linux, Apache, MySQL, or
+ any other piece of software mentioned. There is no substitute for active
+ administration and monitoring of a machine. The key to good security is
+ actually right in the middle of the word: <emphasis>U R It</emphasis>.
+ </para>
+
+ <para>While programmers in general always strive to write secure code,
+ accidents can and do happen. The best approach to security is to always
+ assume that the program you are working with isn't 100% secure and restrict
+ its access to other parts of your machine as much as possible.
+ </para>
+
+ <section id="security-os">
+ <title>Operating System</title>
+
+ <section id="security-os-ports">
+ <title>TCP/IP Ports</title>
+
+ <!-- TODO: Get exact number of ports -->
+ <para>The TCP/IP standard defines more than 65,000 ports for sending
+ and receiving traffic. Of those, Bugzilla needs exactly one to operate
+ (different configurations and options may require up to 3). You should
+ audit your server and make sure that you aren't listening on any ports
+ you don't need to be. It's also highly recommended that the server
+ Bugzilla resides on, along with any other machines you administer, be
+ placed behind some kinda of firewall.
+ </para>
+
+ </section>
+
+ <section id="security-os-accounts">
+ <title>System User Accounts</title>
+
+ <para>Many <glossterm linkend="gloss-daemon">daemon</glossterm>, such
+ as Apache's <filename>httpd</filename> or MySQL's
+ <filename>mysqld</filename>, run as either <quote>root</quote> or
+ <quote>nobody</quote>. This is even worse on Windows machines where the
+ majority of <glossterm linkend="gloss-service">services</glossterm>
+ run as <quote>SYSTEM</quote>. While running as <quote>root</quote> or
+ <quote>SYSTEM</quote> introduces obvious security concerns, the
+ problems introduced by running everything as <quote>nobody</quote> may
+ not be so obvious. Basically, if you run every daemon as
+ <quote>nobody</quote> and one of them gets comprimised it can
+ comprimise every other daemon running as <quote>nobody</quote> on your
+ machine. For this reason it is recommended that you create a user
+ account for each daemon.
+ </para>
+
+ <note>
+ <para>You will need to set the <option>webservergroup</option> option
+ in <filename>localconfig</filename> to the group your webserver runs
+ as. This will allow <filename>./checksetup.pl</filename> to set file
+ permissions on Unix systems so that nothing is world-writable.
+ </para>
+ </note>
+
+ </section>
+
+ <section id="security-os-chroot">
+ <title>The <filename>chroot</filename> Jail</title>
+
+ <para>If your system supports it, you may wish to consider running
+ Bugzilla inside of a <filename>chroot</filename> jail. This option
+ provides unpresidented security by restricting anything running
+ inside the jail from accessing any information outside of it. If you
+ wish to use this option, please consult the documentation that came
+ with your system.
+ </para>
+
+ </section>
+
+ </section>
+
+
+
+ <section id="security-mysql">
+ <title>MySQL</title>
+
+ <section id="security-mysql-account">
+ <title>The MySQL System Account</title>
+
+ <para>As mentioned in <xref linkend="security-os-accounts"/>, the MySQL
+ daemon should run as a non-privleged, unique user. Be sure to consult
+ the MySQL documentation or the documentation that came with your system
+ for instructions.
+ </para>
+ </section>
+
+ <section id="security-mysql-root">
+ <title>The MySQL <quote>root</quote> and <quote>anonymous</quote> Users</title>
+
+ <para>By default, MySQL comes with a <quote>root</quote> user with a
+ blank password and an <quote>anonymous</quote> user, also with a blank
+ password. In order to protect your data, the <quote>root</quote> user
+ should be given a password and the anonymous user should be disabled.
+ </para>
+
+ <example id="security-mysql-account-root">
+ <title>Assigning the MySQL <quote>root</quote> User a Password</title>
+
+ <screen>
+<prompt>bash$</prompt> mysql mysql
+<prompt>mysql&gt;</prompt> UPDATE user SET password = password('<replaceable>new_password</replaceable>') WHERE user = 'root';
+<prompt>mysql&gt;</prompt> FLUSH PRIVILEGES;
+ </screen>
+ </example>
+
+ <example id="security-mysql-account-anonymous">
+ <title>Disabling the MySQL <quote>anonymous</quote> User</title>
+ <screen>
+<prompt>bash$</prompt> mysql -u root -p mysql <co id="security-mysql-account-anonymous-mysql"/>
+<prompt>Enter Password:</prompt> <replaceable>new_password</replaceable>
+<prompt>mysql&gt;</prompt> DELETE FROM user WHERE user = '';
+<prompt>mysql&gt;</prompt> FLUSH PRIVILEGES;
+ </screen>
+ <calloutlist>
+ <callout arearefs="security-mysql-account-anonymous-mysql">
+ <para>This command assumes that you have already completed
+ <xref linkend="security-mysql-account-root"/>.
+ </para>
+ </callout>
+ </calloutlist>
+ </example>
+
+ </section>
+
+ <section id="security-mysql-network">
+ <title>Network Access</title>
+
+ <para>If MySQL and your webserver both run on the same machine and you
+ have no other reason to access MySQL remotely, then you should disable
+ the network access. This, along with the suggestion in
+ <xref linkend="security-os-ports"/>, will help protect your system from
+ any remote vulnerabilites in MySQL. This is done using different
+ methods in MySQL versions 3 and 4.
+ </para>
+
+ <example>
+ <title>Disabling Networking in MySQL 3.x</title>
+
+ <para>Simply enter the following in <filename>/etc/my.conf</filename>:
+ <screen>
+[myslqd]
+# Prevent network access to MySQL.
+skip-networking
+ </screen>
+ </para>
+ </example>
+
+ <example>
+ <title>Disabling Networking in MySQL 4.x</title>
+
+ <para>There's a bug in Bugzilla about this</para>
+ </example>
+
+ </section>
+
+
+<!-- For possible addition in the future: How to better control the bugs user
+ <section id="security-mysql-bugs">
+ <title>The bugs User</title>
+
+ </section>
+-->
+
+ </section>
+
+
+
+ <section id="security-webserver">
+ <title>Webserver</title>
+
+ <section id="security-webserver-access">
+ <title>Disabling Remote Access to Bugzilla Configuration Files</title>
+
+ <para>There are many files that are placed in the Bugzilla directory
+ area that should not be accessable from the web. Because of the way
+ Bugzilla is currently layed out, the list of what should and should not
+ be accessible is rather complicated. A new installation method is
+ currently in the works which should solve this by allowing files that
+ shouldn't be accessible from the web to be placed in directory outside
+ the webroot. See
+ <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=44659">bug 44659</ulink>
+ for more information.
+ </para>
+
+ <tip>
+ <para>Bugzilla ships with the ability to create
+ <glossterm linkend="gloss-htaccess"><filename>.htaccess</filename></glossterm>
+ files that enforce these rules. Instructions for enabling these
+ directives in Apache can be found in <xref linkend="http-apache"/>
+ </para>
+ </tip>
+
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>In the main Bugzilla directory, you should:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block:
+ <simplelist type="inline">
+ <member><filename>*.pl</filename></member>
+ <member><filename>*localconfig*</filename></member>
+ <member><filename>runtests.sh</filename></member>
+ </simplelist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>But allow:
+ <simplelist type="inline">
+ <member><filename>localconfig.js</filename></member>
+ <member><filename>localconfig.rdf</filename></member>
+ </simplelist>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>In <filename class="directory">data</filename>:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ <listitem>
+ <para>But allow:
+ <simplelist type="inline">
+ <member><filename>duplicates.rdf</filename></member>
+ </simplelist>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>In <filename class="directory">data/webdot</filename>:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>If you use a remote webdot server:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ <listitem>
+ <para>But allow
+ <simplelist type="inline">
+ <member><filename>*.dot</filename></member>
+ </simplelist>
+ only for the remote webdot server</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Otherwise, if you use a local GraphViz:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ <listitem>
+ <para>But allow:
+ <simplelist type="inline">
+ <member><filename>*.png</filename></member>
+ <member><filename>*.gif</filename></member>
+ <member><filename>*.jpg</filename></member>
+ <member><filename>*.map</filename></member>
+ </simplelist>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>And if you don't use any dot:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>In <filename class="directory">Bugzilla</filename>:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para>In <filename class="directory">template</filename>:</para>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>Block everything</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+
+ <para>Be sure to test that data that should not be accessed remotely is
+ properly blocked. Of particular intrest is the localconfig file which
+ contains your database password. Also, be aware that many editors
+ create temporary and backup files in the working directory and that
+ those should also not be accessable. For more information, see
+ <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=186383">bug 186383</ulink>
+ or
+ <ulink url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>.
+ To test, simply point your web browser at the file; for example, to
+ test mozilla.org's installation, we'd try to access
+ <ulink url="http://bugzilla.mozilla.org/localconfig"/>. You should get
+ a <errorcode>403</errorcode> <errorname>Forbidden</errorname> error.
+ </para>
+
+ <tip>
+ <para>Be sure to check <xref linkend="http"/> for instructions
+ specific to the webserver you use.
+ </para>
+ </tip>
+
+ </section>
+
+
+ <section id="security-webserver-mod-throttle">
+ <title>Using <filename>mod_throttle</filename> to Prevent a DOS</title>
+
+ <note>
+ <para>This section only applies to people who have chosen the Apache
+ webserver. It may be possible to do similar things with other
+ webservers. Consult the documentation that came with your webserver
+ to find out.
+ </para>
+ </note>
+
+ <para>It is possible for a user, by mistake or on purpose, to access
+ the database many times in a row which can result in very slow access
+ speeds for other users (effectively, a
+ <glossterm linkend="gloss-dos">DOS</glossterm> attack). If your
+ Bugzilla installation is experiencing this problem, you may install
+ the Apache module <filename>mod_throttle</filename> which can limit
+ connections by IP address. You may download this module at
+ <ulink url="http://www.snert.com/Software/mod_throttle/"/>.
+ Follow the instructions to install into your Apache install.
+ The command you need is
+ <command>ThrottleClientIP</command>. See the
+ <ulink url="http://www.snert.com/Software/mod_throttle/">documentation</ulink>
+ for more information.</para>
+ </section>
+
+
+ </section>
+
+
+ <section id="security-bugzilla">
+ <title>Bugzilla</title>
+
+ <section id="security-bugzilla-charset">
+ <title>Prevent users injecting malicious Javascript</title>
+
+ <para>It is possible for a Bugzilla user to take advantage of character
+ set encoding ambiguities to inject HTML into Bugzilla comments. This
+ could include malicious scripts.
+ Due to internationalization concerns, we are unable to
+ incorporate by default the code changes suggested by
+ <ulink
+ url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3">
+ the CERT advisory</ulink> on this issue.
+ If your installation is for an English speaking audience only, making the
+ change below will prevent this problem.
+ </para>
+
+ <para>Simply locate the following line in
+ <filename>Bugzilla/CGI.pm</filename>:
+ <programlisting>$self->charset('');</programlisting>
+ and change it to:
+ <programlisting>$self->charset('ISO-8859-1');</programlisting>
+ </para>
+ </section>
+
+ </section>
+
+</chapter>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-always-quote-attributes:t
+sgml-auto-insert-required-elements:t
+sgml-balanced-tag-edit:t
+sgml-exposed-tags:nil
+sgml-general-insert-case:lower
+sgml-indent-data:t
+sgml-indent-step:2
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+sgml-minimize-attributes:nil
+sgml-namecase-general:t
+sgml-omittag:t
+sgml-parent-document:("Bugzilla-Guide.xml" "book" "chapter")
+sgml-shorttag:t
+sgml-tag-region-if-active:t
+End: -->