From b6893da7067a8105211eb2f3a8a225a040b7b7bd Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 7 Jun 2019 21:38:20 +0200
Subject: [PATCH] another note on setting document root propperly

---
 doc/README.Install.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/doc/README.Install.md b/doc/README.Install.md
index cc480541f..5aec87904 100644
--- a/doc/README.Install.md
+++ b/doc/README.Install.md
@@ -40,7 +40,7 @@ The fastes way to get SeedDMS running is by unpacking the archive
 It will create a new directory `seeddms51x` containing everything you
 need to run SeedDMS with sqlite3. Make sure that the subdіrectory
 `seeddms51x/data`
-and the configuration file `seeddms51/www/conf/settings.xml` is writeable
+and the configuration file `seeddms51/conf/settings.xml` is writeable
 by your web server. All other directories must just be readable by your
 web server. In the next step you need to adjust
 the configuration file in `seeddms51/www/conf/settings.xml`. If you
@@ -50,7 +50,11 @@ with your document root. Alternatively, you can open the installer
 with a browser at http://your-domain/seeddms51x/install/
 It will first ask to unlock the installer by creating a file
 `ENABLE_INSTALL_TOOL` in the diretory `seeddms51/www/conf/`. Change all
-paths by replacing `/home/wwww-data` with your document root. Once done,
+paths by replacing `/home/wwww-data` with your document root. Do not change
+the httpRoot. Leave it at '/' and set your DocumentRoot in your web server
+to the `www` directory in `seeddms51x`. Do not set the DocumentRoot to
+the `seeddms51x` directory, because this will allow anybody to access
+your `data` and `conf` directory. This is a major security risk. Once done,
 save it, remove the file `ENABLE_INSTALL_TOOL` and point your browser to
 http://your-domain/seeddms51x/.