summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/topics/auth/passwords.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index ee41c4bcdb..20559ed5d4 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords.
+.. seealso::
+
+ Even though users may use strong passwords, attackers might be able to
+ eavesdrop on their connections. Use :ref:`HTTPS
+ <security-recommendation-ssl>` to avoid sending passwords (or any other
+ sensitive data) over plain HTTP connections because they will be vulnerable
+ to password sniffing.
+
.. _auth_password_storage:
How Django stores passwords