From a84c7e7d755e3b2203af5b352b0050267c5a170a Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 12 Mar 2019 08:20:47 +0300 Subject: upd README re: insecure cache --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index b320e42..97dad23 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,17 @@ See here: https://git.tt-rss.org/fox/the-epube/wiki/Home Installation ============ +WARNING: since database folder is, by default, accessible for unauthenticated HTTP requests +it is recommended to set ``SCRATCH_DB`` to a secure random value (i.e. ``db/long-random-string.db``) +or put it outside of scope accessible by your http server. Alternatively, you can block access +to ``db`` using your HTTP server: + +``` +location /the-epube/db { + deny all; +} +``` + 1. Initialize scratch.db
sqlite3 db/scratch.db < schema.sql
-- cgit v1.2.3
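Review bot: the unchanged step 1 that follows the new warning still runs `sqlite3 db/scratch.db < schema.sql`, so anyone following the README top to bottom creates the database at the default, guessable path that the warning tells them to avoid. Suggest wording step 1 in terms of the path `SCRATCH_DB` is set to, or stating explicitly that the file has to be created at that path. Two smaller points in the added text: "i.e." should be "e.g.", since `db/long-random-string.db` is an example, and the `location /the-epube/db` snippet should be labelled as nginx configuration with a remark that the path assumes the application is served under `/the-epube/`. A random file name only hides the database rather than denying access to it, so the README could lead with blocking `db` or moving it outside the web root and present the random name as the fallback.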