Author: arekm Date: Thu Nov 29 19:23:59 2007 GMT Module: SOURCES Tag: HEAD ---- Log message: - new
---- Files affected: SOURCES: zm.conf (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/zm.conf diff -u /dev/null SOURCES/zm.conf:1.1 --- /dev/null Thu Nov 29 20:23:59 2007 +++ SOURCES/zm.conf Thu Nov 29 20:23:54 2007 @@ -0,0 +1,30 @@ +# The Zoneminder web interface has been disabled by default due to a small +# security issue in the default install. +# +# When using Zoneminder's own authentication, recorded CCTV images are +# accessible from the web directly without passing the authentication. This +# means any attacker could see your CCTV images without a password. In order +# to avoid this you can disable Zoneminder's authentication and configure +# standard Apache authentication (see the Apache documentation for details on +# this). +# +# If you still wish to use Zoneminder's own authentication, or have an +# internal site which needs no authentication, you need to delete the line +# marked below and restart Apache. + +Alias /zm "/usr/share/zoneminder/www" +<Directory "/usr/share/zoneminder/www"> + Options -Indexes MultiViews FollowSymLinks + AllowOverride All + Order allow,deny + Allow from all +Deny from all # DELETE THIS LINE +</Directory> + +ScriptAlias /cgi-bin/zm "/usr/libexec/zoneminder/cgi-bin" +<Directory "/usr/libexec/zoneminder/cgi-bin"> + AllowOverride All + Options ExecCGI + Order allow,deny + Allow from all +</Directory> ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
