From 9d8a61ca77c9baf697942d63949ef0726e0e1a8f Mon Sep 17 00:00:00 2001
From: "cyeh%bluemartini.com" <>
Date: Sat, 10 Mar 2001 06:37:22 +0000
Subject: add notation about securing web installation

---
 README | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'README')

diff --git a/README b/README
index a159a5bad..4515cb893 100644
--- a/README
+++ b/README
@@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
 (or will need to be) in the httpd.conf file, rather than srm.conf or
 access.conf.
 
+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files.  Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this. 
+
 2. Installing the Bugzilla Files
 
    You should untar the Bugzilla files into a directory that you're
-- 
cgit v1.2.3-24-g4f1b