p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[1.9.x] Removed a misleading comment about HTTPS. 

For all practical purposes, there are no common cases for which a
website cannot be deployed with HTTPS.

Backport of d7580e286a from master
This commit is contained in:
Alex Gaynor 2015-12-19 23:55:15 -05:00 committed by Tim Graham
parent a80fb8ae24
commit 40fd217437
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/topics/security.txt
View File

@ -120,11 +120,11 @@ for a small section of the site.
SSL/HTTPS
=========
It is always better for security, though not always practical in all cases, to
deploy your site behind HTTPS. Without this, it is possible for malicious
network users to sniff authentication credentials or any other information
transferred between client and server, and in some cases -- **active** network
attackers -- to alter data that is sent in either direction.
It is always better for security to deploy your site behind HTTPS. Without
this, it is possible for malicious network users to sniff authentication
credentials or any other information transferred between client and server, and
in some cases -- **active** network attackers -- to alter data that is sent in
either direction.
If you want the protection that HTTPS provides, and have enabled it on your
server, there are some additional steps you may need: