diff options
author | Thomas Grainger <tagrain@gmail.com> | 2016-04-15 11:27:09 +0100 |
---|---|---|
committer | Thomas Grainger <tom.grainger@procensus.com> | 2016-04-15 11:29:37 +0100 |
commit | ea8f9c972393e0929e643190573412410bf39c6a (patch) | |
tree | 8c68e9e61344c7c9fa37abe8f7fbbeb91e1517d2 | |
parent | 172ca1ca8c4d5157789feb97a6424104b81a3479 (diff) | |
download | docker-ea8f9c972393e0929e643190573412410bf39c6a.tar.gz |
Fix security documentation, XSS -> CSRF
Signed-off-by: Thomas Grainger <tagrain@gmail.com>
-rw-r--r-- | docs/security/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/security/security.md b/docs/security/security.md index b9738a3ce8..88b5b3f09a 100644 --- a/docs/security/security.md +++ b/docs/security/security.md @@ -106,7 +106,7 @@ arbitrary containers. For this reason, the REST API endpoint (used by the Docker CLI to communicate with the Docker daemon) changed in Docker 0.5.2, and now uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the -latter being prone to cross-site-scripting attacks if you happen to run +latter being prone to cross-site request forgery attacks if you happen to run Docker directly on your local machine, outside of a VM). You can then use traditional UNIX permission checks to limit access to the control socket. |