diff options
| author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-03-30 11:25:51 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-04-03 10:55:35 -0400 |
| commit | 5cc0407e45393d24dee2303847902859bebda951 (patch) | |
| tree | c436b246d5239d2cbe7c5eba6b4df4b673739c10 /docs/topics | |
| parent | 7ae7600d2bc9d831bd8be5b669416d05760991d7 (diff) | |
[1.8.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.
Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master
Diffstat (limited to 'docs/topics')
| -rw-r--r-- | docs/topics/auth/passwords.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index ee41c4bcdb..20559ed5d4 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt @@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores passwords, how the storage hashing can be configured, and some utilities to work with hashed passwords. +.. seealso:: + + Even though users may use strong passwords, attackers might be able to + eavesdrop on their connections. Use :ref:`HTTPS + <security-recommendation-ssl>` to avoid sending passwords (or any other + sensitive data) over plain HTTP connections because they will be vulnerable + to password sniffing. + .. _auth_password_storage: How Django stores passwords |
