add notation about securing web installation

git-svn-id: svn://10.0.0.236/trunk@89155 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-09 22:37:22 +00:00 · 2001-03-09 22:37:22 +00:00 · 3b8b9400ee
commit 3b8b9400ee
parent df2fcd5992
1 changed files with 7 additions and 0 deletions
--- a/mozilla/webtools/bugzilla/README
+++ b/mozilla/webtools/bugzilla/README
@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
 (or will need to be) in the httpd.conf file, rather than srm.conf or
 access.conf.

+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files.  Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this. 
+
 2. Installing the Bugzilla Files

   You should untar the Bugzilla files into a directory that you're