From: cyeh%bluemartini.com <>
Date: Sat, 10 Mar 2001 06:37:22 +0000 (+0000)
Subject: add notation about securing web installation
X-Git-Tag: bugzilla-2.12~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d8a61ca77c9baf697942d63949ef0726e0e1a8f;p=thirdparty%2Fbugzilla.git

add notation about securing web installation
---

diff --git a/README b/README
index a159a5bad8..4515cb8931 100644
--- a/README
+++ b/README
@@ -275,6 +275,13 @@ If you are using a newer version of Apache, both of the above lines will be
 (or will need to be) in the httpd.conf file, rather than srm.conf or
 access.conf.
 
+There are two critical directories and a file that should not be a served by
+the HTTP server. These are the 'data' and 'shadow' directories and the
+'localconfig' file. You should configure your HTTP server to not serve
+content from these files.  Failure to do so will expose critical passwords
+and other data. Please see your HTTP server configuration manual on how
+to do this. 
+
 2. Installing the Bugzilla Files
 
    You should untar the Bugzilla files into a directory that you're