Author: kkolinko
Date: Thu Nov 27 01:32:03 2014
New Revision: 1641989
URL: http://svn.apache.org/r1641989
Log:
Improving manager documentation. Better wording.
Merged r1641988 from tomcat/tc8.0.x/trunk.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1641981
Merged /tomcat/tc8.0.x/trunk:r1641988
Modified: tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml?rev=1641989&r1=1641988&r2=1641989&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml Thu Nov 27 01:32:03 2014
@@ -136,16 +136,16 @@ web application. The available roles are
attacks, but the text and JMX interfaces cannot be protected. It means that
users who are allowed access to the text and JMX interfaces have to be cautious
when accessing the Manager application with a web browser.
-To maintain
-the CSRF protection:</p>
+To maintain the CSRF protection:</p>
<ul>
<li>If you use web browser to access the Manager application using
a user that has either <strong>manager-script</strong> or
<strong>manager-jmx</strong> roles (for example for testing
- the plain text or JMX interfaces), do not visit other sites
- where you may fall victim to a CSRF attack, and you MUST close all
windows
- of the browser afterwards to terminate the session.</li>
+ the plain text or JMX interfaces), you MUST close all windows
+ of the browser afterwards to terminate the session.
+ If you do not close the browser and visit other sites, you may become
+ victim of a CSRF attack.</li>
<li>It is recommended to never grant
the <strong>manager-script</strong> or <strong>manager-jmx</strong>
roles to users that have the <strong>manager-gui</strong> role.</li>
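Review bot: In the rewritten first <li>, the explicit instruction "do not visit other sites" is gone, and the new closing sentence ties the CSRF risk only to the case where the browser is not closed afterwards. The exposure also exists while the Manager session is still open, for example when another site is loaded in a second tab during testing, so the direct instruction should stay, e.g. "do not visit other sites while the session is open, and you MUST close all windows of the browser afterwards to terminate the session." Separately, "you may become victim of a CSRF attack" is missing an article; suggest "you may become a victim of a CSRF attack".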