Commits

Anonymous committed 8d6881b Draft

fix typo in SECURITY

  • Participants
  • Parent commits accd485

Comments (0)

Files changed (1)

 and matches the current session, if not the request is discarded. A 
 form generated by a different webpage does not know the secret csrf 
 token, so it cannot construct a valid form. PHP Shell implements this 
-protection as of version 2.6. 
+protection as of version 2.5. 
 
 Attacks against the session
 ---------------------------
 from a large character set, e.g. lower case and upper case letters, 
 numbers, and special characters. 
 
-As of version 2.6, PHP Shell also implements rate limiting. Every time 
+As of version 2.5, PHP Shell also implements rate limiting. Every time 
 a login attempt fails, this is logged in a file (the location of which 
 is configurable). After the third failed log in attempt from one IP 
 address, PHP Shell enforces a timeout during which a user won't be