<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: security.xml,v 1.1 2004/12/02 04:21:27 jake%bugzilla.org Exp $ -->
+<!-- $Id: security.xml,v 1.2 2004/12/03 22:56:31 jake%bugzilla.org Exp $ -->
<chapter id="security">
<title>Bugzilla Security</title>
audit your server and make sure that you aren't listening on any ports
you don't need to be. It's also highly recommended that the server
Bugzilla resides on, along with any other machines you administer, be
- placed behind some kinda of firewall.
+ placed behind some kind of firewall.
</para>
</section>
<section id="security-os-accounts">
<title>System User Accounts</title>
- <para>Many <glossterm linkend="gloss-daemon">daemon</glossterm>, such
+ <para>Many <glossterm linkend="gloss-daemon">daemons</glossterm>, such
as Apache's <filename>httpd</filename> or MySQL's
<filename>mysqld</filename>, run as either <quote>root</quote> or
<quote>nobody</quote>. This is even worse on Windows machines where the
not be so obvious. Basically, if you run every daemon as
<quote>nobody</quote> and one of them gets comprimised it can
comprimise every other daemon running as <quote>nobody</quote> on your
- machine. For this reason it is recommended that you create a user
+ machine. For this reason, it is recommended that you create a user
account for each daemon.
</para>
Bugzilla is currently layed out, the list of what should and should not
be accessible is rather complicated. A new installation method is
currently in the works which should solve this by allowing files that
- shouldn't be accessible from the web to be placed in directory outside
+ shouldn't be accessible from the web to be placed in a directory outside
the webroot. See
<ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=44659">bug 44659</ulink>
for more information.
To test, simply point your web browser at the file; for example, to
test mozilla.org's installation, we'd try to access
<ulink url="http://bugzilla.mozilla.org/localconfig"/>. You should get
- a <errorcode>403</errorcode> <errorname>Forbidden</errorname> error.
+ a <quote><errorcode>403</errorcode> <errorname>Forbidden</errorname></quote>
+ error.
</para>
<tip>
Due to internationalization concerns, we are unable to
incorporate by default the code changes suggested by
<ulink
- url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3">
- the CERT advisory</ulink> on this issue.
+ url="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3">the
+ CERT advisory</ulink> on this issue.
If your installation is for an English speaking audience only, making the
- change below will prevent this problem.
+ change in <xref linkend="security-bugzilla-charset-ex"/> will prevent
+ this problem.
</para>
- <para>Simply locate the following line in
- <filename>Bugzilla/CGI.pm</filename>:
- <programlisting>$self->charset('');</programlisting>
- and change it to:
- <programlisting>$self->charset('ISO-8859-1');</programlisting>
- </para>
+ <example id="security-bugzilla-charset-ex">
+ <para>Locate the following line in
+ <filename>Bugzilla/CGI.pm</filename>:
+ <programlisting>$self->charset('');</programlisting>
+ and change it to:
+ <programlisting>$self->charset('ISO-8859-1');</programlisting>
+ </para>
+ </example>
</section>
</section>
sgml-shorttag:t
sgml-tag-region-if-active:t
End: -->
+
projects / thirdparty / bugzilla.git / commitdiff
