Securing TestRail installations

TestRail was designed and built using best practices to ensure that it is a secure application. To further protect your TestRail installation, additional mechanisms such as enabling SSL/HTTPS are recommended.

Using HTTPS

Enabling and using HTTPS for your TestRail web server is an important step in securing your TestRail installation, especially if you are accessing TestRail over insecure networks (i.e. the Internet). TestRail works with SSL out of the box, but it's generally recommended to automatically redirect HTTP traffic to HTTPS so that all users access TestRail over the secure connection. You can also update TestRail's Web Address under Administration > Site Settings so that TestRail uses the secure web address in links from emails and similar.

Attachments & reports

As noted during the installation of TestRail, it's recommended to store uploaded files and attachments, as well as created reports, outside the web server root directory. If you have not done this yet, configure a new Attachment Directory and/or Report Directory under Administration > Site Settings, adjust the permissions so that TestRail can write to these directories, and move all existing attachments and reports to the new directories.

Storing your data outside the web server root directory ensures that an uploaded file cannot be downloaded directly from the web server, bypassing TestRail's permission and role systems, even if the filename is known.
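
A check for the layout described above, as an added example that is not part of the TestRail documentation: it verifies that the attachment and report directories resolve outside the web server root, following symlinks. The function names and sample paths are assumptions, and the write check applies to the account that runs the script.

```python
import os
import tempfile

def is_inside(path, root):
    """True if path resolves to root itself or to something beneath it."""
    real_path = os.path.realpath(path)   # follows symlinks and ".."
    real_root = os.path.realpath(root)
    try:
        # commonpath compares whole components, so /srv/www-data is not
        # treated as being inside /srv/www.
        return os.path.commonpath([real_path, real_root]) == real_root
    except ValueError:                   # e.g. different drives on Windows
        return False

def audit_storage_dirs(web_root, dirs):
    """Map each directory name to a list of findings (empty list = OK)."""
    report = {}
    for name, path in dirs.items():
        findings = []
        if not os.path.isdir(path):
            findings.append("missing")
        else:
            if is_inside(path, web_root):
                findings.append("inside web root")
            # Checks the current account; run this as the web server user.
            if not os.access(path, os.W_OK):
                findings.append("not writable")
        report[name] = findings
    return report

def demo():
    """Constructed layout in a temp dir; every path here is illustrative."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www", "testrail")
    inside = os.path.join(web_root, "attachments")
    outside = os.path.join(base, "www-data", "reports")
    os.makedirs(inside)
    os.makedirs(outside)
    link = os.path.join(base, "link")    # symlink pointing back into the web root
    os.symlink(inside, link)
    return audit_storage_dirs(web_root, {
        "attachments": inside,
        "attachments_via_symlink": link,
        "reports": outside,
    })

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

To use it on a real server, call `audit_storage_dirs` with the web server's document root and the two directories configured under Administration > Site Settings.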

Please note that reports and the report directory are only available with TestRail 3.0 and later.