Thanks for the prompt reply. So putting an htaccess file in the root of the bugzilla dir (to control access by ip and through login/password) would be sufficient? I thought it might be, but wanted to make sure there weren't any other security issues that I wasn't aware of with running it.
Thanks again, Todd On Tue, 2002-09-24 at 11:04, Matt Zimmerman wrote: > On Tue, Sep 24, 2002 at 10:55:19AM -0400, Todd Charron wrote: > > > I've recently been looking to setup bugzilla as a way to keep track > > of... well... bugs ;) Anyway, while setting it up I noticed it was > > recommended for security to set create htaccess to 1 so that proper > > .htaccess files can be generated. However, I also noticed that doing > > this on debian seems to have no effect and htaccess files are not > > generated. Looking at the checksetup.pl file there's a comment "# No > > htaccess on debian" and disables it (overriding the user defined > > setting). > > So my question is two parts. > > 1) Why is htaccess disabled on Debian? (in bugzilla at least) > > Probably because bugzilla, in its default (non-Debian) configuration, > expects to be able to write to the directory where it is running, and other > nasty things. In Debian, this sort of thing requires privileges that are > not granted to the web server and CGIs. > > > 2) Is it possible then to securely use bugzilla on Debian? If so what > > is the easiest way. > > Yes, the same way as any other web content. Assuming you are using Apache, > see: > > http://httpd.apache.org/docs/howto/auth.html > > -- > - mdz > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >