mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #24556 -- Added reminder about HTTPS to passwords docs.
This commit is contained in:
parent
07ba148d9e
commit
1119063c69
@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
|
||||
passwords, how the storage hashing can be configured, and some utilities to
|
||||
work with hashed passwords.
|
||||
|
||||
.. seealso::
|
||||
|
||||
Even though users may use strong passwords, attackers might be able to
|
||||
eavesdrop on their connections. Use :ref:`HTTPS
|
||||
<security-recommendation-ssl>` to avoid sending passwords (or any other
|
||||
sensitive data) over plain HTTP connections because they will be vulnerable
|
||||
to password sniffing.
|
||||
|
||||
.. _auth_password_storage:
|
||||
|
||||
How Django stores passwords
|
||||
|
Loading…
Reference in New Issue
Block a user