diff options
Diffstat (limited to 'docs/html')
| -rw-r--r-- | docs/html/Bugzilla-Guide.html | 9 | ||||
| -rw-r--r-- | docs/html/security.html | 9 |
2 files changed, 12 insertions, 6 deletions
diff --git a/docs/html/Bugzilla-Guide.html b/docs/html/Bugzilla-Guide.html index 76c9b8dc3..0712a5146 100644 --- a/docs/html/Bugzilla-Guide.html +++ b/docs/html/Bugzilla-Guide.html @@ -5336,11 +5336,14 @@ TARGET="_top" ></LI ><LI ><P -> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, - and $BUGZILLA_HOME/shadow directories. +> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and + $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file. The localconfig file stores your "bugs" user password, which would be terrible to have in the hands - of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. + of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and + $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure + these directories and this file, you will expose bug information to those who may not + be allowed to see it. </P ><P > On Apache, you can use .htaccess files to protect access to these directories, as outlined diff --git a/docs/html/security.html b/docs/html/security.html index 7c45ea1f9..220559a72 100644 --- a/docs/html/security.html +++ b/docs/html/security.html @@ -172,11 +172,14 @@ TARGET="_top" ></LI ><LI ><P -> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, - and $BUGZILLA_HOME/shadow directories. +> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and + $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file. The localconfig file stores your "bugs" user password, which would be terrible to have in the hands - of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. + of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and + $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure + these directories and this file, you will expose bug information to those who may not + be allowed to see it. </P ><P > On Apache, you can use .htaccess files to protect access to these directories, as outlined |