[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing Bugzilla

On Tue, Sep 24, 2002 at 10:55:19AM -0400, Todd Charron wrote:

>   I've recently been looking to setup bugzilla as a way to keep track
> of... well... bugs ;)  Anyway, while setting it up I noticed it was
> recommended for security to set create htaccess to 1 so that proper
> .htaccess files can be generated.  However, I also noticed that doing
> this on debian seems to have no effect and htaccess files are not
> generated.  Looking at the checksetup.pl file there's a comment "#  No
> htaccess on debian" and disables it (overriding the user defined
> setting).  
>   So my question is two parts.  
> 1) Why is htaccess disabled on Debian? (in bugzilla at least)  

Probably because bugzilla, in its default (non-Debian) configuration,
expects to be able to write to the directory where it is running, and other
nasty things.  In Debian, this sort of thing requires privileges that are
not granted to the web server and CGIs.

> 2) Is it possible then to securely use bugzilla on Debian?  If so what
> is the easiest way.  

Yes, the same way as any other web content.  Assuming you are using Apache,


 - mdz

Reply to: