From bf8ac7551058df22dd5eb712631d9e383fc587a5 Mon Sep 17 00:00:00 2001 From: "barnboy%trilobyte.net" <> Date: Wed, 22 Aug 2001 10:44:14 +0000 Subject: Big checkin of docs to resolve every known outstanding doc bug! Yay release. Still many things to fix. Aren't there always? --- docs/html/geninstall.html | 137 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 118 insertions(+), 19 deletions(-) (limited to 'docs/html/geninstall.html') diff --git a/docs/html/geninstall.html b/docs/html/geninstall.html index fc9c99720..b8f25789a 100644 --- a/docs/html/geninstall.html +++ b/docs/html/geninstall.html @@ -78,7 +78,7 @@ CLASS="SECTION" >

3.5.1. Modifying Your Running System

3.5.2. Upgrading From Previous Versions

3.5.4. UNIX Installation Instructions History3.5.4. mod_throttle and Security

It is possible for a user, by mistake or on purpose, to access + the database many times in a row which can result in very slow + access speeds for other users. If your Bugzilla installation + is experiencing this problem , you may install the Apache + module mod_throttle which can limit + connections by ip-address. You may download this module at + http://www.snert.com/Software/Throttle/. Follow the instructions to install into your Apache install. This module only functions with the Apache web server!. You may use the ThrottleClientIP command provided by this module to accomplish this goal. See the Module Instructions for more information.

3.5.5. Preventing untrusted Bugzilla content from executing malicious Javascript code

It is possible for a Bugzilla to execute malicious + Javascript code. Due to internationalization concerns, we are + unable to incorporate the code changes necessary to fulfill + the CERT advisory requirements mentioned in http://www.cet.org/tech_tips/malicious_code_mitigation.html/#3. Executing the following code snippet from a UNIX command shell will rectify the problem if your Bugzilla installation is intended for an English-speaking audience. As always, be sure your Bugzilla installation has a good backup before making changes, and I recommend you understand what the script is doing before executing it.

bash# cd $BUGZILLA_HOME; for i in `ls *.cgi`; \
+	  do cat $i | sed 's/Content-type\: text\/html/Content-Type: text\/html\; charset=ISO-8859-1/' >$i.tmp; \
+	  mv $i.tmp $i; done
+	

All this one-liner command does is search for all instances of + "Content-type: text/html" and replaces it with + "Content-Type: text/html; charset=ISO-8859-1". + This specification prevents possible Javascript attacks on the + browser, and is suggested for all English-speaking sites. For + non-english-speaking Bugzilla sites, I suggest changing + "ISO-8859-1", above, to "UTF-8". +

3.5.6. UNIX Installation Instructions History

This document was originally adapted from the Bonsai installation - instructions by Terry Weissman <terry@mozilla.org>. +> This document was originally adapted from the Bonsai + installation instructions by Terry Weissman + <terry@mozilla.org>.

The February 25, 1999 re-write of this page was done by Ry4an Brase - <ry4an@ry4an.org>, with some edits by Terry Weissman, Bryce Nesbitt, - Martin Pool, & Dan Mosedale (But don't send bug reports to them; - report them using bugzilla, at http://bugzilla.mozilla.org/enter_bug.cgi , - project Webtools, component Bugzilla). +> The February 25, 1999 re-write of this page was done by Ry4an + Brase <ry4an@ry4an.org>, with some edits by Terry + Weissman, Bryce Nesbitt, Martin Pool, & Dan Mosedale (But + don't send bug reports to them; report them using bugzilla, at + http://bugzilla.mozilla.org/enter_bug.cgi , project Webtools, + component Bugzilla).

This document was heavily modified again Wednesday, March 07 2001 to - reflect changes for Bugzilla 2.12 release by Matthew P. Barnson. The - securing MySQL section should be changed to become standard procedure - for Bugzilla installations. +> This document was heavily modified again Wednesday, March 07 + 2001 to reflect changes for Bugzilla 2.12 release by Matthew + P. Barnson. The securing MySQL section should be changed to + become standard procedure for Bugzilla installations.

Finally, the README in its entirety was marked up in SGML and included into - the Guide on April 24, 2001 by Matt Barnson. Since that time, it's undergone - extensive modification as Bugzilla grew. +> Finally, the README in its entirety was marked up in SGML and + included into the Guide on April 24, 2001 by Matt Barnson. + Since that time, it's undergone extensive modification as + Bugzilla grew.

Comments from people using this Guide for the first time are particularly welcome. +> Comments from people using this Guide for the first time are + particularly welcome.
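Review bot: The new 3.5.4 mod_throttle paragraph names `ThrottleClientIP` but shows no example directive or suggested limit, so an administrator has to leave the Guide before being able to act on it; a one-line sample configuration would close that gap. Limiting "by ip-address" also throttles everyone behind a shared proxy or NAT address as a single client, which deserves a sentence next to the recommendation. Punctuation in the same paragraph needs a pass: "problem ,", "server!." and "ip-address" (IP address).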
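Review bot: The CERT link in the new 3.5.5 paragraph points at `www.cet.org` and ends in `.html/#3`; the host does not match the CERT advisory the sentence names, and the slash before the fragment looks unintended, so please verify the URL before this ships. The opening sentence, "It is possible for a Bugzilla to execute malicious Javascript code", also misstates the risk: going by the section title, the concern is untrusted Bugzilla content being run as script in the user's browser, and the text should say so. Since the same paragraph admits the full CERT changes cannot be incorporated, "prevents possible Javascript attacks" in the closing paragraph overstates what setting a charset achieves; "mitigates" would be accurate.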
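Review bot: In the 3.5.5 shell snippet, `mv $i.tmp $i` replaces each CGI with a file freshly created by the `>$i.tmp` redirection, so the result takes its mode from the umask and its owner from whoever runs the loop; the scripts lose their execute bit and the web server can no longer run them. Suggest writing back into the existing file instead (`cat $i.tmp > $i; rm $i.tmp`) or documenting a chmod afterwards, and joining `cd $BUGZILLA_HOME` to the loop with `&&` so that a failed cd does not rewrite .cgi files in whatever directory the shell happens to be in. The sed pattern is case-sensitive, so any script that already emits `Content-Type: text/html` is silently left without a charset; the explanatory paragraph should mention this and tell the reader how to confirm that every script was changed.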