Diffstat (limited to 'docs/html/security.html')
-rw-r--r-- docs/html/security.html 175
1 files changed, 38 insertions, 137 deletions
diff --git a/docs/html/security.html b/docs/html/security.html
index c3fa07499..4bf56506e 100644
--- a/docs/html/security.html
+++ b/docs/html/security.html
@@ -4,19 +4,21 @@
>Bugzilla Security</TITLE
><META
NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+"><LINK
REL="HOME"
-TITLE="The Bugzilla Guide - 2.17.5 Development Release"
+TITLE="The Bugzilla Guide - 2.17.5
+ Development Release"
HREF="index.html"><LINK
REL="UP"
-TITLE="Administering Bugzilla"
-HREF="administration.html"><LINK
+TITLE="Installation"
+HREF="installation.html"><LINK
REL="PREVIOUS"
-TITLE="Groups and Group Security"
-HREF="groups.html"><LINK
+TITLE="OS Specific Installation Notes"
+HREF="os-specific.html"><LINK
REL="NEXT"
-TITLE="Template Customization"
-HREF="cust-templates.html"></HEAD
+TITLE="Troubleshooting"
+HREF="troubleshooting.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
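Review bot: the added GENERATOR CONTENT value now ends with a line break before the closing quote ("1.76b+" followed by the quote on the next line), and the HOME TITLE value is split across two lines with leading spaces inside the attribute. Both look like side effects of regenerating the page with a different stylesheet version rather than intended edits. Suggest normalizing the whitespace in the source so each attribute value is a single line, and keeping this regeneration noise separate from the content change that moves the page from "Administering Bugzilla" to "Installation".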
@@ -36,7 +38,8 @@ CELLSPACING="0"
><TH
COLSPAN="3"
ALIGN="center"
->The Bugzilla Guide - 2.17.5 Development Release</TH
+>The Bugzilla Guide - 2.17.5
+ Development Release</TH
></TR
><TR
><TD
@@ -44,7 +47,7 @@ WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
-HREF="groups.html"
+HREF="os-specific.html"
ACCESSKEY="P"
>Prev</A
></TD
@@ -52,13 +55,13 @@ ACCESSKEY="P"
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
->Chapter 5. Administering Bugzilla</TD
+>Chapter 4. Installation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
-HREF="cust-templates.html"
+HREF="troubleshooting.html"
ACCESSKEY="N"
>Next</A
></TD
@@ -74,7 +77,7 @@ CLASS="section"
><A
NAME="security"
></A
->5.6. Bugzilla Security</H1
+>4.5. Bugzilla Security</H1
><DIV
CLASS="warning"
><P
@@ -101,66 +104,10 @@ VALIGN="TOP"
guidelines seriously, even for Bugzilla machines hidden away behind
your firewall. 80% of all computer trespassers are insiders, not
anonymous crackers.</P
-></TD
-></TR
-></TABLE
-></DIV
-><DIV
-CLASS="note"
-><P
-></P
-><TABLE
-CLASS="note"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="../images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->These instructions must, of necessity, be somewhat vague since
- Bugzilla runs on so many different platforms. If you have refinements
- of these directions, please submit a bug to <A
-HREF="http://bugzilla.mozilla.org/enter_bug.cgi?product=Bugzilla&component=Documentation"
-TARGET="_top"
->Bugzilla Documentation</A
->.
- </P
-></TD
-></TR
-></TABLE
-></DIV
-><DIV
-CLASS="warning"
-><P
-></P
-><TABLE
-CLASS="warning"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="../images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
><P
>This is not meant to be a comprehensive list of every possible
- security issue regarding the tools mentioned in this section. There is
+ security issue pertaining to the software mentioned in this section.
+ There is
no subsitute for reading the information written by the authors of any
software running on your system.
</P
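Review bot: "subsitute" is still misspelled on the unchanged line directly below the reworded sentence; fix it to "substitute" while this paragraph is being touched. Separately, deleting the note block removes the link for submitting documentation refinements (enter_bug.cgi with product=Bugzilla, component=Documentation), and the "not meant to be a comprehensive list" caveat is now folded into the same warning box as the insider-threat paragraph. Please confirm both are intended, since the caveat loses its own warning heading.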
@@ -175,10 +122,10 @@ CLASS="section"
><A
NAME="security-networking"
></A
->5.6.1. TCP/IP Ports</H2
+>4.5.1. TCP/IP Ports</H2
><P
>TCP/IP defines 65,000 some ports for trafic. Of those, Bugzilla
- only needs 1... 2 if you need to use features that require e-mail such
+ only needs 1, or 2 if you need to use features that require e-mail such
as bug moving or the e-mail interface from contrib. You should audit
your server and make sure that you aren't listening on any ports you
don't need to be. You may also wish to use some kind of firewall
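Review bot: "trafic" on the unchanged line just above the edit is still misspelled, and "65,000 some ports" reads awkwardly next to the cleaned-up "1, or 2". Since the sentence is being edited anyway, suggest fixing both, and naming the one or two ports Bugzilla actually needs so that the "audit your server" advice that follows is something an administrator can check against.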
@@ -193,7 +140,7 @@ CLASS="section"
><A
NAME="security-mysql"
></A
->5.6.2. MySQL</H2
+>4.5.2. MySQL</H2
><P
>MySQL ships by default with many settings that should be changed.
By defaults it allows anybody to connect from localhost without a
@@ -322,7 +269,7 @@ CLASS="section"
><A
NAME="security-daemon"
></A
->5.6.3. Daemon Accounts</H2
+>4.5.3. Daemon Accounts</H2
><P
>Many daemons, such as Apache's httpd and MySQL's mysqld default to
running as either <SPAN
@@ -344,8 +291,8 @@ CLASS="QUOTE"
<SPAN
CLASS="QUOTE"
>"nobody"</SPAN
-> and one of them gets comprimised, they all get
- comprimised. For this reason it is recommended that you create a user
+> and one of them gets compromised, they all get
+ compromised. For this reason it is recommended that you create a user
account for each daemon.
</P
><DIV
@@ -397,20 +344,17 @@ CLASS="section"
><A
NAME="security-access"
></A
->5.6.4. Web Server Access Controls</H2
+>4.5.4. Web Server Access Controls</H2
><P
>There are many files that are placed in the Bugzilla directory
area that should not be accessable from the web. Because of the way
- Bugzilla is currently layed out, the list of what should and should
- not be accessible is rather complicated. A new installation method
- is currently in the works which should solve this by allowing files
- that shouldn't be accessible from the web to be placed in directory
- outside the webroot. See
- <A
-HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=44659"
-TARGET="_top"
->&#13; bug 44659</A
-> for more information.
+ Bugzilla is currently laid out, the list of what should and should
+ not be accessible is rather complicated.
+ </P
+><P
+>Users of Apache don't need to worry about this, however, because
+ Bugzilla ships with .htaccess files which restrict access to all the
+ sensitive files in this section. Users of other webservers, read on.
</P
><P
></P
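Review bot: the new paragraph's "Users of Apache don't need to worry about this" is stronger than the shipped .htaccess files can guarantee. Apache only applies them when the server configuration permits overrides for the Bugzilla directory (AllowOverride), so an Apache administrator with overrides disabled would skip this section and leave the sensitive files readable. Suggest wording such as "Apache users whose configuration honours .htaccess files are covered by the files Bugzilla ships" and keeping Apache users in scope for the "test to make sure" step later in the section. Also, "accessable" remains misspelled in the unchanged line above, and the pointer to bug 44659 is dropped without a replacement.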
@@ -588,49 +532,6 @@ COMPACT="COMPACT"
></UL
></LI
></UL
-><DIV
-CLASS="tip"
-><P
-></P
-><TABLE
-CLASS="tip"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="../images/tip.gif"
-HSPACE="5"
-ALT="Tip"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
-><P
->Bugzilla ships with the ability to generate
- <TT
-CLASS="filename"
->.htaccess</TT
-> files instructing
- <A
-HREF="glossary.html#gloss-apache"
-><I
-CLASS="glossterm"
->Apache</I
-></A
-> which files
- should and should not be accessible. For more information, see
- <A
-HREF="http.html#http-apache"
->Section 4.4.1</A
->.
- </P
-></TD
-></TR
-></TABLE
-></DIV
><P
>You should test to make sure that the files mentioned above are
not accessible from the Internet, especially your
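Review bot: the removed tip said Bugzilla "ships with the ability to generate" .htaccess files, while the paragraph added earlier in this patch says Bugzilla "ships with .htaccess files". Those are different claims; please make the remaining text match what the installer actually does, because an administrator who never runs the generation step would have no files in place. Removing the tip also drops the cross-reference to the Apache configuration section (http.html#http-apache), which is where a reader would verify the setup, so consider carrying that link into the new Apache paragraph.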
@@ -706,7 +607,7 @@ VALIGN="TOP"
><P
>You should check <A
HREF="http.html"
->Section 4.4</A
+>Section 4.2</A
> to see if instructions
have been included for your web server. You should also compare those
instructions with this list to make sure everything is properly
@@ -734,7 +635,7 @@ WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
-HREF="groups.html"
+HREF="os-specific.html"
ACCESSKEY="P"
>Prev</A
></TD
@@ -752,7 +653,7 @@ WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
-HREF="cust-templates.html"
+HREF="troubleshooting.html"
ACCESSKEY="N"
>Next</A
></TD
@@ -762,13 +663,13 @@ ACCESSKEY="N"
WIDTH="33%"
ALIGN="left"
VALIGN="top"
->Groups and Group Security</TD
+>OS Specific Installation Notes</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
-HREF="administration.html"
+HREF="installation.html"
ACCESSKEY="U"
>Up</A
></TD
@@ -776,7 +677,7 @@ ACCESSKEY="U"
WIDTH="33%"
ALIGN="right"
VALIGN="top"
->Template Customization</TD
+>Troubleshooting</TD
></TR
></TABLE
></DIV