|
|
@@ -8,6 +8,14 @@ tools for managing user passwords. This document describes how Django stores
|
|
|
passwords, how the storage hashing can be configured, and some utilities to
|
|
|
work with hashed passwords.
|
|
|
|
|
|
+.. seealso::
|
|
|
+
|
|
|
+ Even though users may use strong passwords, attackers might be able to
|
|
|
+ eavesdrop on their connections. Use :ref:`HTTPS
|
|
|
+ <security-recommendation-ssl>` to avoid sending passwords (or any other
|
|
|
+ sensitive data) over plain HTTP connections because they will be vulnerable
|
|
|
+ to password sniffing.
|
|
|
+
|
|
|
.. _auth_password_storage:
|
|
|
|
|
|
How Django stores passwords
|
Sam Thursfield