author Achilleas Pipinellis <axil@gitlab.com> 2019-06-07 13:55:22 +0000
committer Achilleas Pipinellis <axil@gitlab.com> 2019-06-07 13:55:22 +0000
commit fc925583dab4dcdaf750bd4aa5d79642fc5c9871 (patch)
tree 77510662d50db14e91ceeaac9ccc049dc8e45740
parent 5e05ec3b8b7e8f693e3ca74fe73aca64655356a0 (diff)
Add type to frontmatter
-rw-r--r-- doc/security/README.md 1
-rw-r--r-- doc/security/crime_vulnerability.md 10
-rw-r--r-- doc/security/information_exclusivity.md 6
-rw-r--r-- doc/security/password_length_limits.md 4
4 files changed, 17 insertions, 4 deletions
diff --git a/doc/security/README.md b/doc/security/README.md
index a90127e0356..c48d5bc2065 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -1,5 +1,6 @@
---
comments: false
+type: index
---
# Security
diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md
index d61a205d954..33878830c7b 100644
--- a/doc/security/crime_vulnerability.md
+++ b/doc/security/crime_vulnerability.md
@@ -1,3 +1,7 @@
+---
+type: reference
+---
+
# How we manage the TLS protocol CRIME vulnerability
> CRIME ("Compression Ratio Info-leak Made Easy") is a security exploit against
@@ -7,7 +11,7 @@ authentication cookies, it allows an attacker to perform session hijacking on an
authenticated web session, allowing the launching of further attacks.
([CRIME](https://en.wikipedia.org/w/index.php?title=CRIME&oldid=692423806))
-### Description
+## Description
The TLS Protocol CRIME Vulnerability affects compression over HTTPS, therefore
it warns against using SSL Compression (for example gzip) or SPDY which
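Review bot: The heading change from `### Description` to `## Description` is not covered by the commit subject "Add type to frontmatter", and the same applies to the `## Nessus` and `## References` changes later in this file. Mention the heading-level change in the commit message, or move it to its own commit, so the history explains why these headings moved up a level.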
@@ -24,7 +28,7 @@ Although SPDY is enabled in Omnibus installations, CRIME relies on compression
(the 'C') and the default compression level in NGINX's SPDY module is 0
(no compression).
-### Nessus
+## Nessus
The Nessus scanner, [reports a possible CRIME vulnerability][nessus] in GitLab
similar to the following format:
@@ -50,7 +54,7 @@ attack nor does it check if compression is enabled. With just this approach, it
cannot tell that SPDY's compression is disabled and not subject to the CRIME
vulnerability.
-### References
+## References
- Nginx ["Module ngx_http_spdy_module"][ngx-spdy]
- Tenable Network Security, Inc. ["Transport Layer Security (TLS) Protocol CRIME Vulnerability"][nessus]
diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md
index 22756232025..846bcdfe26e 100644
--- a/doc/security/information_exclusivity.md
+++ b/doc/security/information_exclusivity.md
@@ -1,3 +1,7 @@
+---
+type: concepts
+---
+
# Information exclusivity
Git is a distributed version control system (DVCS).
@@ -6,4 +10,4 @@ In GitLab every project member that is not a guest (so reporters, developers and
After obtaining this local copy the user can upload the full repository anywhere, including another project under their control or another server.
The consequence is that you can't build access controls that prevent the intentional sharing of source code by users that have access to the source code.
This is an inherent feature of a DVCS and all git management systems have this limitation.
-Obviously you can take steps to prevent unintentional sharing and information destruction, this is why only some people are allowed to invite others and nobody can force push a protected branch.
+Obviously you can take steps to prevent unintentional sharing and information destruction, this is why only some people are allowed to invite others and nobody can force push a protected branch. \ No newline at end of file
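Review bot: The last line of this hunk is removed and re-added with identical text; the only difference is the `\ No newline at end of file` marker on the added side, so the file loses its trailing newline. That is unrelated to adding frontmatter. Restore the final newline so this hunk drops out of the diff.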
diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md
index d21b26a43e8..3ad78a5c835 100644
--- a/doc/security/password_length_limits.md
+++ b/doc/security/password_length_limits.md
@@ -1,3 +1,7 @@
+---
+type: reference, howto
+---
+
# Custom password length limits
If you want to enforce longer user passwords you can create an extra Devise initializer with the steps below.
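Review bot: `type: reference, howto` in the added frontmatter is a single YAML string that contains a comma, not a two-item list, while the other files in this patch each use one value (`index`, `reference`, `concepts`). If the consumer of `type` is meant to see two types, write it as a YAML sequence such as `type: [reference, howto]`; otherwise document that the field is a comma-separated string so later pages follow the same form.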