From: Nick Kew <niq@apache.org>
Date: Sat, 16 Dec 2006 21:59:13 +0000 (+0000)
Subject: PR#40950: add security note to docs (submitted Thijs Kinkhorst)
X-Git-Tag: 2.3.0~1965
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c4d7a79c957089c968b7550f13cfae19d5f1cf96;p=apache

PR#40950: add security note to docs (submitted Thijs Kinkhorst)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@487904 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/programs/htdigest.xml b/docs/manual/programs/htdigest.xml
index e6bdf48422..fc9df711a6 100644
--- a/docs/manual/programs/htdigest.xml
+++ b/docs/manual/programs/htdigest.xml
@@ -66,4 +66,9 @@
     </dl>
 </section>
 
+<section id="security"><title>Security Considerations</title>
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+</section>
+
 </manualpage>
diff --git a/docs/manual/programs/htpasswd.xml b/docs/manual/programs/htpasswd.xml
index 0c6f61f2f4..6e613d0873 100644
--- a/docs/manual/programs/htpasswd.xml
+++ b/docs/manual/programs/htpasswd.xml
@@ -188,6 +188,9 @@ distribution.</seealso>
     <em>not</em> be within the Web server's URI space -- that is, they should
     not be fetchable with a browser.</p>
 
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+
     <p>The use of the <code>-b</code> option is discouraged, since when it is
     used the unencrypted password appears on the command line.</p>