topics/auth/passwords should remind users about transport security
The 'Password management in Django' page is comprehensive on the subject of storing passwords on the server. But it is missing out a key point about password security: traffic between client and server needs to be encrypted when sending a user's login details.
Personally, I found the existing documentation so comprehensive that I thought 'great, someone has thought about all this for me and I don't need to worry about password security' and forgot all about the need for HTTPS until someone reminded me (several weeks later). So I think there needs to be a note on this page about HTTPS.
Change History (6)
Has patch: set
Patch needs improvement: set
Triage Stage: Unreviewed → Accepted
Patch needs improvement: unset
Triage Stage: Accepted → Ready for checkin
Resolution: → fixed
Status: new → closed
Initial proposed fix: https://github.com/django/django/pull/4409