Fix for confusing language regarding protection of data/ & shadow/ directories

and localconfig file.

webtools/bugzilla/docs/html/Bugzilla-Guide.html

@@ -5336,11 +5336,14 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
+>	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
-	    and $BUGZILLA_HOME/shadow directories.
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </P
 ><P
 >	    On Apache, you can use .htaccess files to protect access to these directories, as outlined

webtools/bugzilla/docs/html/security.html

@@ -172,11 +172,14 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
+>	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
-	    and $BUGZILLA_HOME/shadow directories.
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </P
 ><P
 >	    On Apache, you can use .htaccess files to protect access to these directories, as outlined

webtools/bugzilla/docs/sgml/administration.sgml

@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
 	</LISTITEM>
 	<LISTITEM>
 	  <PARA>
-	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
+	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
-	    and $BUGZILLA_HOME/shadow directories.
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </PARA>
 	  <PARA>
 	    On Apache, you can use .htaccess files to protect access to these directories, as outlined

webtools/bugzilla/docs/txt/Bugzilla-Guide.txt

@@ -1787,11 +1787,16 @@ Chapter 3. Administering Bugzilla
     4. Do not run Apache as "nobody". This will require very lax
        permissions in your Bugzilla directories. Run it, instead, as a
        user with a name, set via your httpd.conf file.
-    5. Ensure you have adequate access controls for $BUGZILLA_HOME/data/,
+    5. Ensure you have adequate access controls for the
-       $BUGZILLA_HOME/localconfig, and $BUGZILLA_HOME/shadow directories.
+       $BUGZILLA_HOME/data/ and $BUGZILLA_HOME/shadow/ directories, as
-       The localconfig file stores your "bugs" user password, which would
+       well as the $BUGZILLA_HOME/localconfig file. The localconfig file
-       be terrible to have in the hands of a criminal. Also some files
+       stores your "bugs" user password, which would be terrible to have
-       under $BUGZILLA_HOME/data store sensitive information.
+       in the hands of a criminal. Also some files under
+       $BUGZILLA_HOME/data/ store sensitive information, and
+       $BUGZILLA_HOME/shadow/ stores bug information for faster
+       retrieval. If you fail to secure these directories and this file,
+       you will expose bug information to those who may not be allowed to
+       see it.
        On Apache, you can use .htaccess files to protect access to these
        directories, as outlined in Bug 57161 for the localconfig file,
        and Bug 65572 for adequate protection in your data/ and shadow/

webtools/bugzilla/docs/xml/administration.xml

@@ -1048,11 +1048,14 @@ operating parameters for bugzilla.</PARA>
 	</LISTITEM>
 	<LISTITEM>
 	  <PARA>
-	    Ensure you have adequate access controls for $BUGZILLA_HOME/data/, $BUGZILLA_HOME/localconfig,
+	    Ensure you have adequate access controls for the $BUGZILLA_HOME/data/ and
-	    and $BUGZILLA_HOME/shadow directories.
+	    $BUGZILLA_HOME/shadow/ directories, as well as the $BUGZILLA_HOME/localconfig file.
 	    The localconfig file stores your "bugs" user password,
 	    which would be terrible to have in the hands
-	    of a criminal.  Also some files under $BUGZILLA_HOME/data store sensitive information.
+	    of a criminal.  Also some files under $BUGZILLA_HOME/data/ store sensitive information, and
+	    $BUGZILLA_HOME/shadow/ stores bug information for faster retrieval.  If you fail to secure
+	    these directories and this file, you will expose bug information to those who may not
+	    be allowed to see it.
 	  </PARA>
 	  <PARA>
 	    On Apache, you can use .htaccess files to protect access to these directories, as outlined