Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24556 closed Cleanup/optimization (fixed)

topics/auth/passwords should remind users about transport security

Reported by: Sam Thursfield Owned by: nobody
Component: Documentation Version: 1.7
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The 'Password management in Django' page is comprehensive on the subject of storing passwords in the server. But it is missing out a key point about password security: traffic between client and server needs to be encrypted when sending user's login details.

Personally, I found the existing documentation so comprehensive that I thought 'great, someone has thought about all this for me and I don't need to worry about password security' and forgot all about the need for HTTPS until someone reminded me (several weeks later). So I think there needs to be a note on this page about HTTPS.

Change History (6)

comment:1 by Sam Thursfield, 10 years ago

comment:2 by Markus Holtermann, 10 years ago

Has patch: set
Patch needs improvement: set
Triage Stage: UnreviewedAccepted

comment:3 by Tim Graham, 10 years ago

Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:4 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: newclosed

In 1119063:

Fixed #24556 -- Added reminder about HTTPS to passwords docs.

comment:5 by Tim Graham <timograham@…>, 10 years ago

In 5cc0407e:

[1.8.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.

Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master

comment:6 by Tim Graham <timograham@…>, 10 years ago

In abd62555:

[1.7.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.

Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master

Note: See TracTickets for help on using tickets.
Back to Top