p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Removed a misleading comment about HTTPS. 

For all practical purposes, there are no common cases for which a
website cannot be deployed with HTTPS.
This commit is contained in:
Alex Gaynor 2015-12-19 23:55:15 -05:00 committed by Tim Graham
parent fa9ce4e9a6
commit d7580e286a
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/topics/security.txt
View File

@ -120,11 +120,11 @@ for a small section of the site.
SSL/HTTPS SSL/HTTPS
========= =========
It is always better for security, though not always practical in all cases, to It is always better for security to deploy your site behind HTTPS. Without
deploy your site behind HTTPS. Without this, it is possible for malicious this, it is possible for malicious network users to sniff authentication
network users to sniff authentication credentials or any other information credentials or any other information transferred between client and server, and
transferred between client and server, and in some cases -- **active** network in some cases -- **active** network attackers -- to alter data that is sent in
attackers -- to alter data that is sent in either direction. either direction.
If you want the protection that HTTPS provides, and have enabled it on your If you want the protection that HTTPS provides, and have enabled it on your
server, there are some additional steps you may need: server, there are some additional steps you may need: