summaryrefslogtreecommitdiff
path: root/docs/topics/auth
diff options
context:
space:
mode:
authorSam Thursfield <sam.thursfield@codethink.co.uk>2015-03-30 11:25:51 +0100
committerTim Graham <timograham@gmail.com>2015-04-03 10:55:35 -0400
commit5cc0407e45393d24dee2303847902859bebda951 (patch)
treec436b246d5239d2cbe7c5eba6b4df4b673739c10 /docs/topics/auth
parent7ae7600d2bc9d831bd8be5b669416d05760991d7 (diff)
[1.8.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.
Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master
Diffstat (limited to 'docs/topics/auth')
-rw-r--r--docs/topics/auth/passwords.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index ee41c4bcdb..20559ed5d4 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords.
+.. seealso::
+
+ Even though users may use strong passwords, attackers might be able to
+ eavesdrop on their connections. Use :ref:`HTTPS
+ <security-recommendation-ssl>` to avoid sending passwords (or any other
+ sensitive data) over plain HTTP connections because they will be vulnerable
+ to password sniffing.
+
.. _auth_password_storage:
How Django stores passwords