author Sam Thursfield <sam.thursfield@codethink.co.uk> 2015-03-30 11:25:51 +0100
committer Tim Graham <timograham@gmail.com> 2015-04-03 10:55:45 -0400
commit abd625558b2b2936406ebc1566276449d8d4e5ea
tree 180252716f1fc29dbae5daf5e2f87fa55c507816
parent b9cbf750d6d84183d27cdbe568b8403cb017a885
[1.7.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.
Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master
-rw-r--r-- docs/topics/auth/passwords.txt 8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index f635f88641..280405fd52 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords.
+.. seealso::
+
+ Even though users may use strong passwords, attackers might be able to
+ eavesdrop on their connections. Use :ref:`HTTPS
+ <security-recommendation-ssl>` to avoid sending passwords (or any other
+ sensitive data) over plain HTTP connections because they will be vulnerable
+ to password sniffing.
+
.. _auth_password_storage:
How Django stores passwords
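Review bot: In the added ``seealso`` body, "because they will be vulnerable to password sniffing" has an unclear antecedent: "they" can be read as the passwords, the other sensitive data, or the plain HTTP connections, and "password sniffing" does not cover the "(or any other sensitive data)" case named in the same sentence. Suggest rewording along the lines of "Use HTTPS to avoid sending passwords (or any other sensitive data) over plain HTTP connections, where anyone able to observe the traffic can read them." Two smaller points: ``seealso`` is normally a pointer to related material, while this text is a security recommendation, so ``.. warning::`` or a titled ``.. admonition::`` may fit better; and since this is a backport, confirm that the ``security-recommendation-ssl`` label exists on the 1.7.x branch, because it is not defined anywhere in this diff.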