* Add warning (per Collector #733) that clearing the superuser password

(in order to enable REMOTE_USER mode) also opens the monitor to any user connecting through localhost.

* Add warning (per Collector #733) that clearing the superuser password
(in order to enable REMOTE_USER mode) also opens the monitor to any user connecting through localhost.
366142c8 · Tres Seaver · c4677c0e · 366142c8
Commit 366142c8 authored Apr 06, 2000 by Tres Seaver
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

doc/WEBSERVER.txt doc/WEBSERVER.txt +5 -0

No files found.
--- a/doc/WEBSERVER.txt
+++ b/doc/WEBSERVER.txt
@@ -365,6 +365,11 @@ Zope authentication with existing web servers
        restriction is that the value must match a user defined in
        Apache's user database.
+        N.B.:  removing the password in the access file also enables
+               access to the monitor for any user connecting through
+               the localhost interface -- DISABLE THE MONITOR if using
+               this option on any box which allows untrusted logins.
        Shut down Zope by doing::
          kill `cat var/Main.pid`