Fixed #24556 -- Added reminder about HTTPS to passwords docs.

1119063c · Sam Thursfield · Tim Graham · 07ba148d · 1119063c
Kaydet (Commit) 1119063c authored Mar 30, 2015 tarafından Sam Thursfield Kaydeden (comit) Tim Graham Nis 03, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

passwords.txt docs/topics/auth/passwords.txt +8 -0

No files found.
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
 passwords, how the storage hashing can be configured, and some utilities to
 work with hashed passwords.

+.. seealso::
+
+    Even though users may use strong passwords, attackers might be able to
+    eavesdrop on their connections. Use :ref:`HTTPS
+    <security-recommendation-ssl>` to avoid sending passwords (or any other
+    sensitive data) over plain HTTP connections because they will be vulnerable
+    to password sniffing.
+
 .. _auth_password_storage:

 How Django stores passwords