On Tue, Sep 24, 2002 at 11:09:59AM -0400, Todd Charron wrote: > Thanks for the prompt reply. > > So putting an htaccess file in the root of the bugzilla dir (to control > access by ip and through login/password) would be sufficient? I thought > it might be, but wanted to make sure there weren't any other security > issues that I wasn't aware of with running it.
Where is 'the root of the bugzilla dir'? If you mean /var/www/bugzilla, then no, that is not sufficient. You need to restrict access to the CGIs in /usr/lib/cgi-bin/bugzilla. -- - mdz
