mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-14 05:45:37 +00:00
Fix for confusing language regarding protection of data/ & shadow/ directories
and localconfig file.
This commit is contained in:
parent
ef649afe1a
commit
84bd6fdde8
@ -5336,11 +5336,14 @@ TARGET="_top"
|
||||
></LI
|
||||
><LI
|
||||
><P
|
||||
> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
|
||||
and $BUGZILLA_HOME/shadow directories.
|
||||
> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
|
||||
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
|
||||
The localconfig file stores your "bugs" user password,
|
||||
which would be terrible to have in the hands
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
|
||||
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
|
||||
these directories and this file, you will expose bug information to those who may not
|
||||
be allowed to see it.
|
||||
</P
|
||||
><P
|
||||
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
|
||||
|
@ -172,11 +172,14 @@ TARGET="_top"
|
||||
></LI
|
||||
><LI
|
||||
><P
|
||||
> Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
|
||||
and $BUGZILLA_HOME/shadow directories.
|
||||
> Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
|
||||
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
|
||||
The localconfig file stores your "bugs" user password,
|
||||
which would be terrible to have in the hands
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
|
||||
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
|
||||
these directories and this file, you will expose bug information to those who may not
|
||||
be allowed to see it.
|
||||
</P
|
||||
><P
|
||||
> On Apache, you can use .htaccess files to protect access to these directories, as outlined
|
||||
|
@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
|
||||
</LISTITEM>
|
||||
<LISTITEM>
|
||||
<PARA>
|
||||
Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
|
||||
and $BUGZILLA_HOME/shadow directories.
|
||||
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
|
||||
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
|
||||
The localconfig file stores your "bugs" user password,
|
||||
which would be terrible to have in the hands
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
|
||||
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
|
||||
these directories and this file, you will expose bug information to those who may not
|
||||
be allowed to see it.
|
||||
</PARA>
|
||||
<PARA>
|
||||
On Apache, you can use .htaccess files to protect access to these directories, as outlined
|
||||
|
@ -1787,11 +1787,16 @@ Chapter 3. Administering Bugzilla
|
||||
4. Do not run Apache as "nobody". This will require very lax
|
||||
permissions in your Bugzilla directories. Run it, instead, as a
|
||||
user with a name, set via your httpd.conf file.
|
||||
5. Ensure you have adequate access controls for $BUGZILLA_HOME/data/,
|
||||
$BUGZILLA_HOME/localconfig, and $BUGZILLA_HOME/shadow directories.
|
||||
The localconfig file stores your "bugs" user password, which would
|
||||
be terrible to have in the hands of a criminal. Also some files
|
||||
under $BUGZILLA_HOME/data store sensitive information.
|
||||
5. Ensure you have adequate access controls for the
|
||||
$BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
|
||||
well as the $BUGZILLA_HOME/localconfig file. The localconfig file
|
||||
stores your "bugs" user password, which would be terrible to have
|
||||
in the hands of a criminal. Also some files under
|
||||
$BUGZILLA_HOME/data/ store sensitive information, and
|
||||
$BUGZILLA_HOME/shadow/ stores bug information for faster
|
||||
retrieval. If you fail to secure these directories and this file,
|
||||
you will expose bug information to those who may not be allowed to
|
||||
see it.
|
||||
On Apache, you can use .htaccess files to protect access to these
|
||||
directories, as outlined in Bug 57161 for the localconfig file,
|
||||
and Bug 65572 for adequate protection in your data/ and shadow/
|
||||
|
@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
|
||||
</LISTITEM>
|
||||
<LISTITEM>
|
||||
<PARA>
|
||||
Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
|
||||
and $BUGZILLA_HOME/shadow directories.
|
||||
Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
|
||||
$BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
|
||||
The localconfig file stores your "bugs" user password,
|
||||
which would be terrible to have in the hands
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data store sensitive information.
|
||||
of a criminal. Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
|
||||
$BUGZILLA_HOME/shadow/ stores bug information for faster retrieval. If you fail to secure
|
||||
these directories and this file, you will expose bug information to those who may not
|
||||
be allowed to see it.
|
||||
</PARA>
|
||||
<PARA>
|
||||
On Apache, you can use .htaccess files to protect access to these directories, as outlined
|
||||
|
Loading…
Reference in New Issue
Block a user