add notation about securing web installation

author cyeh%bluemartini.com <>

Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)

committer cyeh%bluemartini.com <>

Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)
author cyeh%bluemartini.com <>
Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)
committer cyeh%bluemartini.com <>
Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)
diff --git a/README b/README

index a159a5bad87ad5a80d665e3798d6d2877c2b18fc..4515cb8931a9fa8af171fcffcc04601a7fd18e66 100644 (file)
--- a/README
+++ b/README
@@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
  (or will need to be) in the httpd.conf file, rather than srm.conf or
  access.conf.
  
+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files.  Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this. 
+
  2. Installing the Bugzilla Files
  
     You should untar the Bugzilla files into a directory that you're
author	cyeh%bluemartini.com <>
	Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)
committer	cyeh%bluemartini.com <>
	Sat, 10 Mar 2001 06:37:22 +0000 (06:37 +0000)