From 732e6f4139934f81ff8ea93bee7eeabe632c9f49 Mon Sep 17 00:00:00 2001
From: Daniel Gruno <humbedooh@apache.org>
Date: Mon, 30 Jul 2012 13:31:28 +0000
Subject: [PATCH] Add a security notice about using mod_lua on shared hosting.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1367081 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_lua.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/manual/mod/mod_lua.xml b/docs/manual/mod/mod_lua.xml
index 2b6268cfa5..80d010f6c7 100644
--- a/docs/manual/mod/mod_lua.xml
+++ b/docs/manual/mod/mod_lua.xml
@@ -47,6 +47,13 @@ Until it is declared stable, usage and behavior may change
 at any time, even between stable releases of the 2.4.x series.
 Be sure to check the CHANGES file before upgrading.</note>
 
+<note type="warning"><title>Warning</title>
+<p>This module holds a great deal of power over httpd, which is both a 
+strength and a potential security risk. It is <b>not</b> recommended 
+that you use this module on server that is shared with users you do not 
+trust, as it can be abused to change the internal workings of httpd.</p>
+</note>
+
 </summary>
 
 <section id="basicconf"><title>Basic Configuration</title>
-- 
2.40.0