From b835e15319882477e71c7b03db2c1565dd674a96 Mon Sep 17 00:00:00 2001
From: Elrond <elrond+mediagoblin.org@samba-tng.org>
Date: Tue, 30 Apr 2013 00:24:45 +0200
Subject: Add warning about crypt/itsdangeroussecret.bin.

You should not leak that file, really.
---
 docs/source/siteadmin/deploying.rst | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'docs/source/siteadmin')

diff --git a/docs/source/siteadmin/deploying.rst b/docs/source/siteadmin/deploying.rst
index 77e60037..f2f71e01 100644
--- a/docs/source/siteadmin/deploying.rst
+++ b/docs/source/siteadmin/deploying.rst
@@ -345,3 +345,17 @@ Visit the site you've set up in your browser by visiting
    smaller deployments. However, for larger production deployments
    with larger processing requirements, see the
    ":doc:`production-deployments`" documentation.
+
+
+Security Considerations
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. warning::
+
+   The directory ``user_dev/crypto/`` contains some very
+   sensitive files.
+   Especially the ``itsdangeroussecret.bin`` is very important
+   for session security. Make sure not to leak its contents anywhere.
+   If the contents gets leaked nevertheless, delete your file
+   and restart the server, so that it creates a new secret key.
+   All previous sessions will be invalifated then.
-- 
cgit v1.2.3