innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #24556 -- Added reminder about HTTPS to passwords docs.

This commit is contained in:
Sam Thursfield 2015-03-30 11:25:51 +01:00 committed by Tim Graham
parent 07ba148d9e
commit 1119063c69
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/topics/auth/passwords.txt
View File

@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords. work with hashed passwords.
.. seealso::
Even though users may use strong passwords, attackers might be able to
eavesdrop on their connections. Use :ref:`HTTPS
<security-recommendation-ssl>` to avoid sending passwords (or any other
sensitive data) over plain HTTP connections because they will be vulnerable
to password sniffing.
.. _auth_password_storage: .. _auth_password_storage:
How Django stores passwords How Django stores passwords