From ea8f9c972393e0929e643190573412410bf39c6a Mon Sep 17 00:00:00 2001 From: Thomas Grainger Date: Fri, 15 Apr 2016 11:27:09 +0100 Subject: [PATCH] Fix security documentation, XSS -> CSRF Signed-off-by: Thomas Grainger --- docs/security/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/security.md b/docs/security/security.md index b9738a3ce8..88b5b3f09a 100644 --- a/docs/security/security.md +++ b/docs/security/security.md @@ -106,7 +106,7 @@ arbitrary containers. For this reason, the REST API endpoint (used by the Docker CLI to communicate with the Docker daemon) changed in Docker 0.5.2, and now uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the -latter being prone to cross-site-scripting attacks if you happen to run +latter being prone to cross-site request forgery attacks if you happen to run Docker directly on your local machine, outside of a VM). You can then use traditional UNIX permission checks to limit access to the control socket.