summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSam Thursfield <sam.thursfield@codethink.co.uk>2015-03-30 11:25:51 +0100
committerTim Graham <timograham@gmail.com>2015-04-03 10:55:11 -0400
commit1119063c69eb4fc091c212e59462f3ec3d5676a4 (patch)
tree5fec5c28d4355ae87e1269a5be5095beb837d1b3 /docs
parent07ba148d9e4c98d0e5a0415a6e805af6431da277 (diff)
Fixed #24556 -- Added reminder about HTTPS to passwords docs.
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth/passwords.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index 910d08fabe..5f7bece6ee 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords.
+.. seealso::
+
+ Even though users may use strong passwords, attackers might be able to
+ eavesdrop on their connections. Use :ref:`HTTPS
+ <security-recommendation-ssl>` to avoid sending passwords (or any other
+ sensitive data) over plain HTTP connections because they will be vulnerable
+ to password sniffing.
+
.. _auth_password_storage:
How Django stores passwords