diff options
author | Andrew Dolgov <[email protected]> | 2019-03-12 08:20:47 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2019-03-12 08:20:47 +0300 |
commit | a84c7e7d755e3b2203af5b352b0050267c5a170a (patch) | |
tree | 895614a62c6e77fec0e4c822ebd6af2346bc4f1e | |
parent | 9ab0044a43b32e19ff17e050d29d990137bc3c4b (diff) |
upd README re: insecure cache
-rw-r--r-- | README.md | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -18,6 +18,17 @@ See here: https://git.tt-rss.org/fox/the-epube/wiki/Home Installation ============ +WARNING: since database folder is, by default, accessible for unauthenticated HTTP requests +it is recommended to set ``SCRATCH_DB`` to a secure random value (i.e. ``db/long-random-string.db``) +or put it outside of scope accessible by your http server. Alternatively, you can block access +to ``db`` using your HTTP server: + +``` +location /the-epube/db { + deny all; +} +``` + 1. Initialize scratch.db <pre>sqlite3 db/scratch.db < schema.sql</pre> |