summaryrefslogtreecommitdiffstats
path: root/docs/html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/html')
-rw-r--r--docs/html/Bugzilla-Guide.html9
-rw-r--r--docs/html/security.html9
2 files changed, 12 insertions, 6 deletions
diff --git a/docs/html/Bugzilla-Guide.html b/docs/html/Bugzilla-Guide.html
index 76c9b8dc3..0712a5146 100644
--- a/docs/html/Bugzilla-Guide.html
+++ b/docs/html/Bugzilla-Guide.html
@@ -5336,11 +5336,14 @@ TARGET="_top"
></LI
><LI
><P
-> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
- and $BUGZILLA_HOME/shadow directories.
+> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
+ of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
+ these directories and this file, you will expose bug information to those who may not
+ be allowed to see it.
</P
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
diff --git a/docs/html/security.html b/docs/html/security.html
index 7c45ea1f9..220559a72 100644
--- a/docs/html/security.html
+++ b/docs/html/security.html
@@ -172,11 +172,14 @@ TARGET="_top"
></LI
><LI
><P
-> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
- and $BUGZILLA_HOME/shadow directories.
+> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
+ of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
+ these directories and this file, you will expose bug information to those who may not
+ be allowed to see it.
</P
><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined