PR#40950: add security note to docs (submitted Thijs Kinkhorst)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@487904 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/programs/htdigest.xml b/docs/manual/programs/htdigest.xml
index e6bdf4842231f3f38bb6686598beadfa66487a4a..fc9df711a6e82c3ccbcbbcbbbb931e0f674bb737 100644 (file)
--- a/docs/manual/programs/htdigest.xml
+++ b/docs/manual/programs/htdigest.xml
@@ -66,4 +66,9 @@
     </dl>
 </section>
 
+<section id="security"><title>Security Considerations</title>
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+</section>
+
 </manualpage>

diff --git a/docs/manual/programs/htpasswd.xml b/docs/manual/programs/htpasswd.xml
index 0c6f61f2f4173910612d67499eba8217c48e2879..6e613d08730ebfab64f2e14ac348ad77e4765103 100644 (file)
--- a/docs/manual/programs/htpasswd.xml
+++ b/docs/manual/programs/htpasswd.xml
@@ -188,6 +188,9 @@ distribution.</seealso>
     <em>not</em> be within the Web server's URI space -- that is, they should
     not be fetchable with a browser.</p>
 
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+
     <p>The use of the <code>-b</code> option is discouraged, since when it is
     used the unencrypted password appears on the command line.</p>