#24556 closed Cleanup/optimization (fixed)
topics/auth/passwords should remind users about transport security
| Reported by: | Sam Thursfield | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 1.7 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The 'Password management in Django' page is comprehensive on the subject of storing passwords in the server. But it is missing out a key point about password security: traffic between client and server needs to be encrypted when sending user's login details.
Personally, I found the existing documentation so comprehensive that I thought 'great, someone has thought about all this for me and I don't need to worry about password security' and forgot all about the need for HTTPS until someone reminded me (several weeks later). So I think there needs to be a note on this page about HTTPS.
Change History (6)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
| Has patch: | set |
|---|---|
| Patch needs improvement: | set |
| Triage Stage: | Unreviewed → Accepted |
comment:3 by , 9 years ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Note:
See TracTickets
for help on using tickets.
Initial proposed fix: https://github.com/django/django/pull/4409