0
0
mirror of https://github.com/django/django.git synced 2024-11-29 22:56:46 +01:00

Fixed #24556 -- Added reminder about HTTPS to passwords docs.

This commit is contained in:
Sam Thursfield 2015-03-30 11:25:51 +01:00 committed by Tim Graham
parent 07ba148d9e
commit 1119063c69

View File

@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
passwords, how the storage hashing can be configured, and some utilities to
work with hashed passwords.
.. seealso::
Even though users may use strong passwords, attackers might be able to
eavesdrop on their connections. Use :ref:`HTTPS
<security-recommendation-ssl>` to avoid sending passwords (or any other
sensitive data) over plain HTTP connections because they will be vulnerable
to password sniffing.
.. _auth_password_storage:
How Django stores passwords