From c4d7a79c957089c968b7550f13cfae19d5f1cf96 Mon Sep 17 00:00:00 2001
From: Nick Kew <niq@apache.org>
Date: Sat, 16 Dec 2006 21:59:13 +0000
Subject: [PATCH] PR#40950: add security note to docs (submitted Thijs
 Kinkhorst)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@487904 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/programs/htdigest.xml | 5 +++++
 docs/manual/programs/htpasswd.xml | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/docs/manual/programs/htdigest.xml b/docs/manual/programs/htdigest.xml
index e6bdf48422..fc9df711a6 100644
--- a/docs/manual/programs/htdigest.xml
+++ b/docs/manual/programs/htdigest.xml
@@ -66,4 +66,9 @@
     </dl>
 </section>
 
+<section id="security"><title>Security Considerations</title>
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+</section>
+
 </manualpage>
diff --git a/docs/manual/programs/htpasswd.xml b/docs/manual/programs/htpasswd.xml
index 0c6f61f2f4..6e613d0873 100644
--- a/docs/manual/programs/htpasswd.xml
+++ b/docs/manual/programs/htpasswd.xml
@@ -188,6 +188,9 @@ distribution.</seealso>
     <em>not</em> be within the Web server's URI space -- that is, they should
     not be fetchable with a browser.</p>
 
+    <p>This program is not safe as a setuid executable. Do <em>not</em> make it
+    setuid.</p>
+
     <p>The use of the <code>-b</code> option is discouraged, since when it is
     used the unencrypted password appears on the command line.</p>
 
-- 
2.50.1