===================================================================
RCS file: /cvs/cvsweb/Attic/cvsweb.conf,v
retrieving revision 3.26
retrieving revision 3.27
diff -u -p -r3.26 -r3.27
--- cvsweb/Attic/cvsweb.conf	2001/08/01 09:32:22	3.26
+++ cvsweb/Attic/cvsweb.conf	2001/08/01 09:48:39	3.27
@@ -6,8 +6,8 @@
 #     1999      H. Nordstrom <hno@hem.passagen.se>
 #     2000-2001 A. MUSHA     <knu@FreeBSD.org>
 #          based on work by Bill Fenner  <fenner@FreeBSD.org>
-# $Id: cvsweb.conf,v 3.26 2001/08/01 09:32:22 knu Exp $
-# $Idaemons: /home/cvs/cvsweb/cvsweb.conf,v 3.25 2001/07/06 09:44:28 knu Exp $
+# $Id: cvsweb.conf,v 3.27 2001/08/01 09:48:39 knu Exp $
+# $Idaemons: /home/cvs/cvsweb/cvsweb.conf,v 3.26 2001/08/01 09:32:22 knu Exp $
 #
 ###
 
@@ -258,7 +258,21 @@ $tableBorderColor = '#cccccc';
 # Modules in the repository that should not be displayed, either by default
 # nor by explicit path specification.
 #
-@HideModules = ();
+@HideModules = (
+#	"^my/secret/module",
+);
+
+#
+# Files matching these pathnames shouldn't be checked out with cvsweb,
+# since they may contain sensitive information. Simple file name based
+# filter. Often, the CVSROOT/passwd is exposed and some people tend
+# to check in their .cvspass, though this is a bad idea. These files
+# shouldn't be readable by default. Thanks to Damian Gryski to point
+# this out.
+@ForbiddenFiles = (
+	"^CVSROOT/passwd\$",   # CVSROOT/passwd should not be cvs add'ed, though
+	"/\\.cvspass\$",       # Ditto.  Just in case.
+);
 
 #
 # Use CVSROOT/CVSROOT/descriptions for describing the directories/modules