From d7580e286ac9c48e410d59281720205d6f5dda10 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 19 Dec 2015 23:55:15 -0500 Subject: [PATCH] Removed a misleading comment about HTTPS. For all practical purposes, there are no common cases for which a website cannot be deployed with HTTPS. --- docs/topics/security.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 1f2f0f199e..221036e328 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -120,11 +120,11 @@ for a small section of the site. SSL/HTTPS ========= -It is always better for security, though not always practical in all cases, to -deploy your site behind HTTPS. Without this, it is possible for malicious -network users to sniff authentication credentials or any other information -transferred between client and server, and in some cases -- **active** network -attackers -- to alter data that is sent in either direction. +It is always better for security to deploy your site behind HTTPS. Without +this, it is possible for malicious network users to sniff authentication +credentials or any other information transferred between client and server, and +in some cases -- **active** network attackers -- to alter data that is sent in +either direction. If you want the protection that HTTPS provides, and have enabled it on your server, there are some additional steps you may need: