#24556: topics/auth/passwords should remind users about transport security
--------------------------------------+--------------------
Reporter: ssssam | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+--------------------
The 'Password management in Django' page is comprehensive on the subject
of storing passwords in the server. But it is missing out a key point
about password security: traffic between client and server needs to be
encrypted when sending user's login details.
Personally, I found the existing documentation so comprehensive that I
thought 'great, someone has thought about all this for me and I don't need
to worry about password security' and forgot all about the need for HTTPS
until someone reminded me (several weeks later). So I think there needs to
be a note on this page about HTTPS.
--
Ticket URL: <https://code.djangoproject.com/ticket/24556>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/049.057a4cc2a29f5f04b26a383f663a4002%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
