<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968"><title>Chapter 4. Bugzilla Security</title><link rel="stylesheet" type="text/css" href="../../style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><meta name="keywords" content="Bugzilla, Guide, installation, FAQ, administration, integration, MySQL, Mozilla, webtools"><link rel="home" href="index.html" title="The Bugzilla Guide - 4.4.11 Release"><link rel="up" href="index.html" title="The Bugzilla Guide - 4.4.11 Release"><link rel="prev" href="sanitycheck.html" title="3.16. Checking and Maintaining Database Integrity"><link rel="next" href="security-os.html" title="4.1. Operating System"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. Bugzilla Security</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sanitycheck.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="security-os.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="security"></a>Chapter 4. Bugzilla Security</h1></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="section"><a href="security-os.html">4.1. Operating System</a></span></dt><dd><dl><dt><span class="section"><a href="security-os.html#security-os-ports">4.1.1. TCP/IP Ports</a></span></dt><dt><span class="section"><a href="security-os.html#security-os-accounts">4.1.2. System User Accounts</a></span></dt><dt><span class="section"><a href="security-os.html#security-os-chroot">4.1.3. The <code class="filename">chroot</code> Jail</a></span></dt></dl></dd><dt><span class="section"><a href="security-webserver.html">4.2. Web server</a></span></dt><dd><dl><dt><span class="section"><a href="security-webserver.html#security-webserver-access">4.2.1. Disabling Remote Access to Bugzilla Configuration Files</a></span></dt></dl></dd><dt><span class="section"><a href="security-bugzilla.html">4.3. Bugzilla</a></span></dt><dd><dl><dt><span class="section"><a href="security-bugzilla.html#security-bugzilla-charset">4.3.1. Prevent users injecting malicious Javascript</a></span></dt></dl></dd></dl></div><p>While some of the items in this chapter are related to the operating system Bugzilla is running on or some of the support software required to run Bugzilla, it is all related to protecting your data. This is not intended to be a comprehensive guide to securing Linux, Apache, MySQL, or any other piece of software mentioned. There is no substitute for active administration and monitoring of a machine. The key to good security is actually right in the middle of the word: <span class="emphasis"><em>U R It</em></span>. </p><p>While programmers in general always strive to write secure code, accidents can and do happen. The best approach to security is to always assume that the program you are working with isn't 100% secure and restrict its access to other parts of your machine as much as possible. </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sanitycheck.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="security-os.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">3.16. Checking and Maintaining Database Integrity </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 4.1. Operating System</td></tr></table></div></body></html>
