From f6dc2df5d674eced2c09fede4c041a4e76ea388e Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 6 Nov 2021 13:46:29 +0100
Subject: [PATCH] config: Explicitly mention that the CGI pages disclosing the
 ca-password can be blocked

... and upgrade the disclosure paragraphs to a warning.
---
 doc/source/p-config.sgml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index dd9974f1..0a9330db 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -4162,10 +4162,17 @@ compression-level 0
     that is used when Privoxy generates certificates for intercepted
     requests.
    </para>
+   <warning>
    <para>
      Note that the password is shown on the CGI page so don't
      reuse an important one.
    </para>
+   <para>
+     If disclosure of the password is a compliance issue consider blocking
+     the relevant CGI requests after enabling the <link linkend="enforce-blocks">enforce-blocks</link>
+     and <link linkend="allow-cgi-request-crunching">allow-cgi-request-crunching</link>.
+   </para>
+   </warning>
   </listitem>
  </varlistentry>
  <varlistentry>
-- 
2.39.2