upd README re: insecure cache

author: Andrew Dolgov <[email protected]> 2019-03-12 08:20:47 +0300
committer: Andrew Dolgov <[email protected]> 2019-03-12 08:20:47 +0300
commit: a84c7e7d755e3b2203af5b352b0050267c5a170a (patch)
tree: 895614a62c6e77fec0e4c822ebd6af2346bc4f1e /README.md
parent: 9ab0044a43b32e19ff17e050d29d990137bc3c4b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/README.md b/README.md
index b320e42..97dad23 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,17 @@ See here: https://git.tt-rss.org/fox/the-epube/wiki/Home
 Installation
 ============
 
+WARNING: since database folder is, by default, accessible for unauthenticated HTTP requests
+it is recommended to set ``SCRATCH_DB`` to a secure random value (i.e. ``db/long-random-string.db``) 
+or put it outside of scope accessible by your http server. Alternatively, you can block access
+to ``db`` using your HTTP server:
+
+```
+location /the-epube/db {
+   deny all;
+}
+```
+
 1. Initialize scratch.db 
 
     <pre>sqlite3 db/scratch.db &lt; schema.sql</pre>
author	Andrew Dolgov <[email protected]>	2019-03-12 08:20:47 +0300
committer	Andrew Dolgov <[email protected]>	2019-03-12 08:20:47 +0300
commit	a84c7e7d755e3b2203af5b352b0050267c5a170a (patch)
tree	895614a62c6e77fec0e4c822ebd6af2346bc4f1e /README.md
parent	9ab0044a43b32e19ff17e050d29d990137bc3c4b (diff)