Re: Securing Bugzilla

To: debian-security@lists.debian.org
Subject: Re: Securing Bugzilla
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 24 Sep 2002 11:20:31 -0400
Message-id: <[🔎] 20020924152031.GA8368@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 1032880336.23152.9.camel@lan-19a>
References: <[🔎] 1032879319.23152.5.camel@lan-19a> <[🔎] 20020924150400.GG7261@alcor.net> <[🔎] 1032880336.23152.9.camel@lan-19a>

On Tue, Sep 24, 2002 at 11:09:59AM -0400, Todd Charron wrote:

> Thanks for the prompt reply.
> 
> So putting an htaccess file in the root of the bugzilla dir (to control
> access by ip and through login/password) would be sufficient?  I thought
> it might be, but wanted to make sure there weren't any other security
> issues that I wasn't aware of with running it.

Where is 'the root of the bugzilla dir'?  If you mean /var/www/bugzilla,
then no, that is not sufficient.  You need to restrict access to the CGIs in
/usr/lib/cgi-bin/bugzilla.

-- 
 - mdz

Reply to:

References:
- Securing Bugzilla
  - From: Todd Charron <tcharron@mnsi.net>
- Re: Securing Bugzilla
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Securing Bugzilla
  - From: Todd Charron <tcharron@mnsi.net>

Prev by Date: Re: Securing Bugzilla
Next by Date: Re: Block 198.175 admins? who are they?
Previous by thread: Re: Securing Bugzilla
Next by thread: How reliable is "debsums"?
Index(es):
- Date
- Thread