| | 217 | |
| | 218 | * Security |
| | 219 | |
| | 220 | The installer will try to create (or modify an existing) a .htaccess file |
| | 221 | to protect wiki.conf, which contains sensitive data (ie passwords). |
| | 222 | However we cannot tell whether apache (or any other web server you may be |
| | 223 | using) is using this file, so you should check that it functioning and that |
| | 224 | you cannot access wiki.conf over HTTP. |
| | 225 | |
| | 226 | You should also configure wiki.conf with the minimum permissions required |
| | 227 | so that local users cannot read the file. This is difficult to automate, |
| | 228 | but the file should be probably be mode 0640, owned by root or an admin |
| | 229 | user, and set to the group the web server runs with. |
