[Django] #24556: topics/auth/passwords should remind users about transport security

Django

unread,

Mar 31, 2015, 6:09:30 AM3/31/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security
--------------------------------------+--------------------
Reporter: ssssam | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+--------------------
The 'Password management in Django' page is comprehensive on the subject
of storing passwords in the server. But it is missing out a key point
about password security: traffic between client and server needs to be
encrypted when sending user's login details.

Personally, I found the existing documentation so comprehensive that I
thought 'great, someone has thought about all this for me and I don't need
to worry about password security' and forgot all about the need for HTTPS
until someone reminded me (several weeks later). So I think there needs to
be a note on this page about HTTPS.

--
Ticket URL: <https://code.djangoproject.com/ticket/24556>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,

Mar 31, 2015, 6:10:09 AM3/31/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by ssssam):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0

Comment:

Initial proposed fix: https://github.com/django/django/pull/4409

--
Ticket URL: <https://code.djangoproject.com/ticket/24556#comment:1>

Django

unread,

Mar 31, 2015, 7:46:49 AM3/31/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

--------------------------------------+------------------------------------

Reporter: ssssam | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.7

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0

--------------------------------------+------------------------------------
Changes (by MarkusH):

* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* stage: Unreviewed => Accepted

--
Ticket URL: <https://code.djangoproject.com/ticket/24556#comment:2>

Django

unread,

Mar 31, 2015, 7:51:04 AM3/31/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by timgraham):

* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/24556#comment:3>

Django

unread,

Apr 3, 2015, 10:55:38 AM4/3/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: new => closed
* resolution: => fixed

Comment:

In [changeset:"1119063c69eb4fc091c212e59462f3ec3d5676a4" 1119063]:
{{{
#!CommitTicketReference repository=""
revision="1119063c69eb4fc091c212e59462f3ec3d5676a4"
Fixed #24556 -- Added reminder about HTTPS to passwords docs.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/24556#comment:4>

Django

unread,

Apr 3, 2015, 10:59:09 AM4/3/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

-------------------------------------+-------------------------------------
Reporter: ssssam | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.7

Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"5cc0407e45393d24dee2303847902859bebda951" 5cc0407e]:
{{{
#!CommitTicketReference repository=""
revision="5cc0407e45393d24dee2303847902859bebda951"
[1.8.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.

Backport of 1119063c69eb4fc091c212e59462f3ec3d5676a4 from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/24556#comment:5>

Django

unread,

Apr 3, 2015, 10:59:15 AM4/3/15

to django-...@googlegroups.com

#24556: topics/auth/passwords should remind users about transport security

-------------------------------------+-------------------------------------
Reporter: ssssam | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 1.7

Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"abd625558b2b2936406ebc1566276449d8d4e5ea" abd62555]:
{{{
#!CommitTicketReference repository=""
revision="abd625558b2b2936406ebc1566276449d8d4e5ea"
[1.7.x] Fixed #24556 -- Added reminder about HTTPS to passwords docs.