tomcat-dev mailing list archives

From kkoli...@apache.org
Subject svn commit: r1641988 - in /tomcat/tc8.0.x/trunk: ./ webapps/docs/manager-howto.xml
Date Thu, 27 Nov 2014 01:30:54 GMT
Author: kkolinko
Date: Thu Nov 27 01:30:54 2014
New Revision: 1641988

URL: http://svn.apache.org/r1641988
Log:
Improving manager documentation. Better wording.
Merged r1641981 from tomcat/trunk.

Modified:
    tomcat/tc8.0.x/trunk/   (props changed)
    tomcat/tc8.0.x/trunk/webapps/docs/manager-howto.xml

Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1641981

Modified: tomcat/tc8.0.x/trunk/webapps/docs/manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/manager-howto.xml?rev=1641988&r1=1641987&r2=1641988&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/manager-howto.xml Thu Nov 27 01:30:54 2014
@@ -136,16 +136,16 @@ web application. The available roles are
 attacks, but the text and JMX interfaces cannot be protected. It means that
 users who are allowed access to the text and JMX interfaces have to be cautious
 when accessing the Manager application with a web browser.
-To maintain
-the CSRF protection:</p>
+To maintain the CSRF protection:</p>
 
 <ul>
   <li>If you use web browser to access the Manager application using
       a user that has either <strong>manager-script</strong> or
       <strong>manager-jmx</strong> roles (for example for testing
-      the plain text or JMX interfaces), do not visit other sites
-      where you may fall victim to a CSRF attack, and you MUST close all windows
-      of the browser afterwards to terminate the session.</li>
+      the plain text or JMX interfaces), you MUST close all windows
+      of the browser afterwards to terminate the session.
+      If you do not close the browser and visit other sites, you may become
+      victim of a CSRF attack.</li>
   <li>It is recommended to never grant
       the <strong>manager-script</strong> or <strong>manager-jmx</strong>
       roles to users that have the <strong>manager-gui</strong> role.</li>
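
Review bot: In the first <li>, the reworded text drops the old instruction "do not visit other sites" and now mentions other sites only as a consequence of not closing the browser. A reader could take that to mean browsing elsewhere in another tab is safe while the manager-script or manager-jmx session is still open, which is exactly the window the surrounding paragraph warns about. Consider keeping the explicit instruction alongside the new explanation, for example "do not visit other sites while the session is active, and you MUST close all windows of the browser afterwards to terminate the session". The new sentence also needs an article: "you may become a victim of a CSRF attack".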


