From 9bd1ad2bfb807d7714e17112a9dc51f2416a1e6c Mon Sep 17 00:00:00 2001
From: Ian C <ianc@noddybox.co.uk>
Date: Wed, 27 Jun 2018 15:19:34 +0000
Subject: Updated SQL creation script to flag password should be changed, and
 changed INSTALL to note how important password protection of the pages is.

---
 INSTALL          | 11 +++++++----
 sql/create_db.sh |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/INSTALL b/INSTALL
index 63a25b5..885e59e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,10 +6,13 @@ sql/
 
 www/
 	Holds the web site.  This directory should be copied somewhere and
-	configured to be served up, password protected.  How this is
-	accomplished will differ from web server to web server.  It is
-	recommended to run the site over HTTPS to prevent the password being
-	easily sniffed.  The web server must be able to execute PHP.
+	configured to be served up, which MUST be password protected.  This
+	password protection is the only thing stopping a third party accessing
+	your data.  While they would need to know the passphrase to see your
+	passwords, anyone accessing the site can delete and edit entries.
+	How this is accomplished will differ from web server to web server.
+	It is recommended to run the site over HTTPS to prevent the password
+	being easily sniffed.  The web server must be able to execute PHP.
 
 	config.php should be edited and the instructions followed for each
 	config item.
diff --git a/sql/create_db.sh b/sql/create_db.sh
index b54e338..69639db 100755
--- a/sql/create_db.sh
+++ b/sql/create_db.sh
@@ -25,7 +25,7 @@ if [ "$x" ] ; then
 fi
 
 pword="PassMan123!"
-echo "Password of database user [$pword]:"
+echo "Password of database user (hint: change this!) [$pword]:"
 read x
 
 if [ "$x" ] ; then
-- 
cgit v1.2.3