SOURCES: zm.conf (NEW) - new

[arekm]

Author: arekm                        Date: Thu Nov 29 19:23:59 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- new

---- Files affected:
SOURCES:
   zm.conf (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/zm.conf
diff -u /dev/null SOURCES/zm.conf:1.1
--- /dev/null	Thu Nov 29 20:23:59 2007
+++ SOURCES/zm.conf	Thu Nov 29 20:23:54 2007
@@ -0,0 +1,30 @@
+# The Zoneminder web interface has been disabled by default due to a small
+# security issue in the default install.
+#
+# When using Zoneminder's own authentication, recorded CCTV images are
+# accessible from the web directly without passing the authentication. This
+# means any attacker could see your CCTV images without a password. In order
+# to avoid this you can disable Zoneminder's authentication and configure
+# standard Apache authentication (see the Apache documentation for details on
+# this).
+#
+# If you still wish to use Zoneminder's own authentication, or have an
+# internal site which needs no authentication, you need to delete the line
+# marked below and restart Apache.
+
+Alias /zm "/usr/share/zoneminder/www"
+<Directory "/usr/share/zoneminder/www">
+    Options -Indexes MultiViews FollowSymLinks
+    AllowOverride All
+    Order allow,deny
+    Allow from all
+Deny from all # DELETE THIS LINE
+</Directory>
+
+ScriptAlias /cgi-bin/zm "/usr/libexec/zoneminder/cgi-bin"
+<Directory "/usr/libexec/zoneminder/cgi-bin">
+    AllowOverride All
+    Options ExecCGI
+    Order allow,deny
+    Allow from all
+</Directory>
================================================================