From: Daniel Gruno <humbedooh@apache.org>
Date: Mon, 30 Jul 2012 13:31:28 +0000 (+0000)
Subject: Add a security notice about using mod_lua on shared hosting.
X-Git-Tag: 2.5.0-alpha~6563
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=732e6f4139934f81ff8ea93bee7eeabe632c9f49;p=thirdparty%2Fapache%2Fhttpd.git

Add a security notice about using mod_lua on shared hosting.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1367081 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_lua.xml b/docs/manual/mod/mod_lua.xml
index 2b6268cfa5a..80d010f6c71 100644
--- a/docs/manual/mod/mod_lua.xml
+++ b/docs/manual/mod/mod_lua.xml
@@ -47,6 +47,13 @@ Until it is declared stable, usage and behavior may change
 at any time, even between stable releases of the 2.4.x series.
 Be sure to check the CHANGES file before upgrading.</note>
 
+<note type="warning"><title>Warning</title>
+<p>This module holds a great deal of power over httpd, which is both a 
+strength and a potential security risk. It is <b>not</b> recommended 
+that you use this module on server that is shared with users you do not 
+trust, as it can be abused to change the internal workings of httpd.</p>
+</note>
+
 </summary>
 
 <section id="basicconf"><title>Basic Configuration</title>