p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Removed a misleading comment about HTTPS. 

For all practical purposes, there are no common cases for which a
website cannot be deployed with HTTPS.
This commit is contained in:
Alex Gaynor 2015-12-19 23:55:15 -05:00 committed by Tim Graham
parent fa9ce4e9a6
commit d7580e286a
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/topics/security.txt
View File

@ -120,11 +120,11 @@ for a small section of the site.
SSL/HTTPS
=========
It is always better for security, though not always practical in all cases, to
deploy your site behind HTTPS. Without this, it is possible for malicious
network users to sniff authentication credentials or any other information
transferred between client and server, and in some cases -- **active** network
attackers -- to alter data that is sent in either direction.
It is always better for security to deploy your site behind HTTPS. Without
this, it is possible for malicious network users to sniff authentication
credentials or any other information transferred between client and server, and
in some cases -- **active** network attackers -- to alter data that is sent in
either direction.
If you want the protection that HTTPS provides, and have enabled it on your
server, there are some additional steps you may need: