Commit 5d71f7bc authored by barnboy%trilobyte.net

Fix for confusing language regarding protection of data/ & shadow/ directories and localconfig file.
parent 2d4d7c92
...@@ -5336,11 +5336,14 @@ TARGET="_top" ...@@ -5336,11 +5336,14 @@ TARGET="_top"
></LI ></LI
><LI ><LI
><P ><P
> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, > Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
and $BUGZILLA_HOME/shadow directories. $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password, The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</P </P
><P ><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined > On Apache, you can use .htaccess files to protect access to these directories, as outlined
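Review bot: In the added sentence "If you fail to secure these directories and this file, you will expose bug information", the stated consequence covers only bug data, yet the same paragraph says localconfig stores the "bugs" user password. Suggest naming both outcomes, for example "you will expose the database password and bug information", so the reader does not rank the localconfig file as the lesser risk.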
......
...@@ -172,11 +172,14 @@ TARGET="_top" ...@@ -172,11 +172,14 @@ TARGET="_top"
></LI ></LI
><LI ><LI
><P ><P
> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, > Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
and $BUGZILLA_HOME/shadow directories. $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password, The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</P </P
><P ><P
> On Apache, you can use .htaccess files to protect access to these directories, as outlined > On Apache, you can use .htaccess files to protect access to these directories, as outlined
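Review bot: The unchanged sentence right after the edited paragraph still reads "you can use .htaccess files to protect access to these directories", while the new wording now separates two directories from the localconfig file. Suggest extending it to "these directories and this file" so the mitigation visibly covers everything the paragraph above tells the reader to protect.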
......
...@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA> ...@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
</LISTITEM> </LISTITEM>
<LISTITEM> <LISTITEM>
<PARA> <PARA>
Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
and $BUGZILLA_HOME/shadow directories. $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password, The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA> </PARA>
<PARA> <PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined On Apache, you can use .htaccess files to protect access to these directories, as outlined
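Review bot: Style point on the rewritten PARA: the three paths ($BUGZILLA_HOME/data/, $BUGZILLA_HOME/shadow/, $BUGZILLA_HOME/localconfig) are bare text inside the paragraph. Wrapping each in DocBook's FILENAME element would set them apart from the prose and keep the trailing-slash distinction between the directories and the file visible in the rendered output.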
......
...@@ -1787,11 +1787,16 @@ Chapter 3. Administering Bugzilla ...@@ -1787,11 +1787,16 @@ Chapter 3. Administering Bugzilla
4. Do not run Apache as "nobody". This will require very lax 4. Do not run Apache as "nobody". This will require very lax
permissions in your Bugzilla directories. Run it, instead, as a permissions in your Bugzilla directories. Run it, instead, as a
user with a name, set via your httpd.conf file. user with a name, set via your httpd.conf file.
5. Ensure you have adequate access controls for $BUGZILLA_HOME/data/, 5. Ensure you have adequate access controls for the
$BUGZILLA_HOME/localconfig, and $BUGZILLA_HOME/shadow directories. $BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
The localconfig file stores your "bugs" user password, which would well as the $BUGZILLA_HOME/localconfig file. The localconfig file
be terrible to have in the hands of a criminal. Also some files stores your "bugs" user password, which would be terrible to have
under $BUGZILLA_HOME/data store sensitive information. in the hands of a criminal. Also some files under
$BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster
retrieval. If you fail to secure these directories and this file,
you will expose bug information to those who may not be allowed to
see it.
On Apache, you can use .htaccess files to protect access to these On Apache, you can use .htaccess files to protect access to these
directories, as outlined in Bug 57161 for the localconfig file, directories, as outlined in Bug 57161 for the localconfig file,
and Bug 65572 for adequate protection in your data/ and shadow/ and Bug 65572 for adequate protection in your data/ and shadow/
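Review bot: In the last added sentence of item 5, "those who may not be allowed to see it" can be read as "those who possibly are not allowed", which weakens the warning. Suggest "people who are not permitted to see it", which states the access-control failure without the ambiguity.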
......
...@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA> ...@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
</LISTITEM> </LISTITEM>
<LISTITEM> <LISTITEM>
<PARA> <PARA>
Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig, Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
and $BUGZILLA_HOME/shadow directories. $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
The localconfig file stores your "bugs" user password, The localconfig file stores your "bugs" user password,
which would be terrible to have in the hands which would be terrible to have in the hands
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information. of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
these directories and this file, you will expose bug information to those who may not
be allowed to see it.
</PARA> </PARA>
<PARA> <PARA>
On Apache, you can use .htaccess files to protect access to these directories, as outlined On Apache, you can use .htaccess files to protect access to these directories, as outlined
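Review bot: This hunk carries the same header (@@ -1048,11 +1048,14 @@) and the same PARA text as the earlier SGML hunk, so the paragraph lives in two source copies. Any follow-up wording fix has to land in both, and the commit message should say which copy is authoritative so the two do not drift.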
......