From 78e1dc6bd8beed4e3884875ae8a4f96753dab9cf Mon Sep 17 00:00:00 2001
From: "gerv%gerv.net" <>
Date: Thu, 9 May 2002 04:16:36 +0000
Subject: The first installment of Gerv's spanking of the Bugzilla Guide. This
is a work-in-progress.
---
docs/sgml/administration.sgml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'docs/sgml/administration.sgml')
diff --git a/docs/sgml/administration.sgml b/docs/sgml/administration.sgml
index 8794a0e2c..6789ca071 100644
--- a/docs/sgml/administration.sgml
+++ b/docs/sgml/administration.sgml
@@ -1373,12 +1373,14 @@ Group3, since he isn't in Group4.
make certain files world readable and/or writable. THIS IS
INSECURE!. This means that anyone who can get access to
your system can do whatever they want to your Bugzilla installation.
-
+
+
+
This also means that if your webserver runs all cgi scripts as the
same user/group, anyone on the system who can run cgi scripts will
be able to take control of your Bugzilla installation.
-
-
+
+
On Apache, you can use .htaccess files to protect access
to these directories, as outlined in Bug 57161 for the localconfig file, and Bug 65572 for adequate protection in your data/ and shadow/ directories.
--
cgit v1.2.3-24-g4f1b