summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-19 22:01:43 +0000
committerwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-19 22:01:43 +0000
commitae0475367c079624b6386cd421356b02995caebe (patch)
tree2dbfd00b6f414768a1e85c21c6e655d9ff45161d /doc
parentcc5248c5f6d4e9f5e04522333a6527c6047e774b (diff)
web commit by joey
Diffstat (limited to 'doc')
-rw-r--r--doc/security.mdwn2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 09f3cedf9..5fda9e678 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -44,7 +44,7 @@ this wiki, BTW.
## svn commit logs
-Anyone with svn commit access can forge "web commit from foo" and make it appeat on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user.
+Anyone with svn commit access can forge "web commit from foo" and make it appear on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user.
It's actually possible to force a whole series of svn commits to appear to have come just before yours, by forging svn log output. This could be guarded against somewhat by revision number scanning, since the forged revisions would duplicate the numbers of unforged ones. Or subversion could fix svn log to indent commit messages, which would make such forgery impossible..