summaryrefslogtreecommitdiffstats
path: root/docs/xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/xml')
-rw-r--r--docs/xml/administration.xml9
1 files changed, 6 insertions, 3 deletions
diff --git a/docs/xml/administration.xml b/docs/xml/administration.xml
index c52cacebf..a35ba047d 100644
--- a/docs/xml/administration.xml
+++ b/docs/xml/administration.xml
@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
</LISTITEM>
<LISTITEM>
<PARA>
- Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
- and $BUGZILLA_HOME/shadow directories.
+ Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
+ $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands
- of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
+ of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+ $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
+ these directories and this file, you will expose bug information to those who may not
+ be allowed to see it.
</PARA>
<PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined