From 3f90ee2e05a08b490013825a7d792009cbfa692c Mon Sep 17 00:00:00 2001
From: Daniel Gruno <humbedooh@apache.org>
Date: Tue, 29 May 2012 17:50:39 +0000
Subject: [PATCH] Adding some additional security considerations. Thanks to
 Daniel Shahaf for these pointers.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1343877 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_log_forensic.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/manual/mod/mod_log_forensic.xml b/docs/manual/mod/mod_log_forensic.xml
index ab9ac6d69a6..5a31fb5c695 100644
--- a/docs/manual/mod/mod_log_forensic.xml
+++ b/docs/manual/mod/mod_log_forensic.xml
@@ -93,6 +93,10 @@ version 2.1</compatibility>
     document for details on why your security could be compromised
     if the directory where logfiles are stored is writable by
     anyone other than the user that starts the server.</p>
+    <p>The log files may contain sensitive data such as the contents of 
+    <code>Authorization:</code> headers (which can contain passwords), so
+    they should not be readable by anyone except the user that starts the
+    server.</p>
 </section>
 
 <directivesynopsis>
-- 
2.47.3