summaryrefslogtreecommitdiffstats
path: root/docs/html/security.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/html/security.html')
-rw-r--r--docs/html/security.html149
1 files changed, 2 insertions, 147 deletions
diff --git a/docs/html/security.html b/docs/html/security.html
index dc4b5b7c4..8d1b047d0 100644
--- a/docs/html/security.html
+++ b/docs/html/security.html
@@ -446,156 +446,11 @@ CLASS="filename"
is provided for those that want to know exactly what is created.
</P
><P
->Note the instructions which follow are Apache-specific. If you
+>FIX ME BEFORE RELEASE!!!!!
+ Note the instructions which follow are Apache-specific. If you
use IIS, Netscape, or other non-Apache web servers, please consult
your system documentation for how to secure these files from being
transmitted to curious users.</P
-><P
-><TT
-CLASS="filename"
->$BUGZILLA_HOME/.htaccess</TT
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><FONT
-COLOR="#000000"
-><PRE
-CLASS="programlisting"
->&#13;# don't allow people to retrieve non-cgi executable files or our private data
-&#60;FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$&#62;
- deny from all
-&#60;/FilesMatch&#62;
-&#60;FilesMatch ^(localconfig.js|localconfig.rdf)$&#62;
- allow from all
-&#60;/FilesMatch&#62;
- </PRE
-></FONT
-></TD
-></TR
-></TABLE
->
- </P
-><P
-><TT
-CLASS="filename"
->$BUGZILLA_HOME/data/.htaccess</TT
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><FONT
-COLOR="#000000"
-><PRE
-CLASS="programlisting"
->&#13;# nothing in this directory is retrievable unless overriden by an .htaccess
-# in a subdirectory; the only exception is duplicates.rdf, which is used by
-# duplicates.xul and must be loadable over the web
-deny from all
-&#60;Files duplicates.rdf&#62;
- allow from all
-&#60;/Files&#62;
- </PRE
-></FONT
-></TD
-></TR
-></TABLE
->
- </P
-><P
-><TT
-CLASS="filename"
->$BUGZILLA_HOME/data/webdot</TT
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><FONT
-COLOR="#000000"
-><PRE
-CLASS="programlisting"
->&#13;# Restrict access to .dot files to the public webdot server at research.att.com
-# if research.att.com ever changed their IP, or if you use a different
-# webdot server, you'll need to edit this
-&#60;FilesMatch ^[0-9]+\.dot$&#62;
- Allow from 192.20.225.10
- Deny from all
-&#60;/FilesMatch&#62;
-
-# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and
-# .map files
-&#60;FilesMatch ^[0-9]+\.(png|gif|jpg|map)$&#62;
- Allow from all
-&#60;/FilesMatch&#62;
-
-# And no directory listings, either.
-Deny from all
- </PRE
-></FONT
-></TD
-></TR
-></TABLE
->
- </P
-><P
-><TT
-CLASS="filename"
->$BUGZILLA_HOME/Bugzilla/.htaccess</TT
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><FONT
-COLOR="#000000"
-><PRE
-CLASS="programlisting"
->&#13;# nothing in this directory is retrievable unless overriden by an .htaccess
-# in a subdirectory
-deny from all
- </PRE
-></FONT
-></TD
-></TR
-></TABLE
->
- </P
-><P
-><TT
-CLASS="filename"
->$BUGZILLA_HOME/template/.htaccess</TT
->
- <TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><FONT
-COLOR="#000000"
-><PRE
-CLASS="programlisting"
->&#13;# nothing in this directory is retrievable unless overriden by an .htaccess
-# in a subdirectory
-deny from all
- </PRE
-></FONT
-></TD
-></TR
-></TABLE
->
- </P
></LI
></OL
>