Fix security documentation, XSS -> CSRF

Signed-off-by: Thomas Grainger <tagrain@gmail.com>
(cherry picked from commit ea8f9c9723)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Thomas Grainger 2016-04-15 11:27:09 +01:00 committed by Sebastiaan van Stijn
parent d9cf30d7de
commit cde2df6db9
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C

View file

@ -106,7 +106,7 @@ arbitrary containers.
For this reason, the REST API endpoint (used by the Docker CLI to
communicate with the Docker daemon) changed in Docker 0.5.2, and now
uses a UNIX socket instead of a TCP socket bound on 127.0.0.1 (the
latter being prone to cross-site-scripting attacks if you happen to run
latter being prone to cross-site request forgery attacks if you happen to run
Docker directly on your local machine, outside of a VM). You can then
use traditional UNIX permission checks to limit access to the control
socket.