Removed a misleading comment about HTTPS.

For all practical purposes, there are no common cases for which a website cannot be deployed with HTTPS.

Removed a misleading comment about HTTPS.
For all practical purposes, there are no common cases for which a website cannot be deployed with HTTPS.
d7580e28 · Alex Gaynor · Tim Graham · fa9ce4e9 · d7580e28
Kaydet (Commit) d7580e28 authored Ara 20, 2015 tarafından Alex Gaynor Kaydeden (comit) Tim Graham Ara 21, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

security.txt docs/topics/security.txt +5 -5

No files found.
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -120,11 +120,11 @@ for a small section of the site.
 SSL/HTTPS
 =========
-It is always better for security, though not always practical in all cases, to
+It is always better for security to deploy your site behind HTTPS. Without
-deploy your site behind HTTPS. Without this, it is possible for malicious
+this, it is possible for malicious network users to sniff authentication
-network users to sniff authentication credentials or any other information
+credentials or any other information transferred between client and server, and
-transferred between client and server, and in some cases -- **active** network
+in some cases -- **active** network attackers -- to alter data that is sent in
-attackers -- to alter data that is sent in either direction.
+either direction.
 If you want the protection that HTTPS provides, and have enabled it on your
 server, there are some additional steps you may need: