On Dec 21, 10:35 am, Eric Chamberlain <e...@rf.com> wrote: > On Dec 18, 2009, at 7:58 PM, macdd wrote: > > > I am reading the django book. I just finished the chapter on > > authentication. I get the jist of it. What I don't understand is the > > overall security of authentication. If everything you do is passed as > > plain text then it isn't very secure. Okay so https comes in. What I > > don't understand is when to use it and when not to. It seems like if > > you authenticate over https just for user credentials and then go back > > to http (like yahoo) than someone could just ease drop your cookie and > > be you, making logging in and out in any form pointless? > > We use https for all our authenticated pages. > > Our primary concern was packet capture on public WiFi connections. > > -- > Eric Chamberlain, Founder > RF.com -http://RF.com/
thanks for your guys' response. I guess I know just enough to understand but not enough to actually be practical about. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
