Hi Martin,

On Jan 30, 11:43 pm, Martin Conte Mac Donell <refl...@gmail.com> wrote:
>
> Actually in contrib.auth passwords are stored in SHA1. If you mean
> that passwords are sent in plain text "over the network" then you
> should use https.
>
I meant "over the network". While https is the ideal solution security-wise, for many small projects getting a signed certificate costs too much, and using a self-signed one scares users who encounter the browser's security alert. Sending hashed passwords, maybe even using something similar to hmac, allows one to verify the user has the correct password without actually passing it.

Thanks,
Guy
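The exchange proposed in the message above, sketched as an added example that is not part of the original thread and is not Django code: the server sends a salt and a one-time nonce, and the client answers with an HMAC over the nonce keyed by the password-derived value. The `Server` class, the function names, the PBKDF2-SHA256 storage scheme and the sample user are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def stored_verifier(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme for this sketch: salted PBKDF2-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    # Client re-derives the verifier and uses it as the HMAC key over the nonce.
    key = stored_verifier(password, salt)
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Server:  # hypothetical login endpoint
    def __init__(self, users):
        self.users = users      # username -> (salt, verifier)
        self.pending = {}       # username -> outstanding nonce

    def challenge(self, username):
        salt = self.users[username][0]
        # A fresh random nonce per attempt makes every valid response unique.
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return salt, nonce

    def verify(self, username, response) -> bool:
        nonce = self.pending.pop(username, None)   # single use: rejects replays
        if nonce is None:
            return False
        key = self.users[username][1]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample data
    srv = Server({"guy": (salt, stored_verifier("correct horse", salt))})
    s, n = srv.challenge("guy")
    resp = client_response("correct horse", s, n)
    print("first use:", srv.verify("guy", resp))
    print("replayed: ", srv.verify("guy", resp))
```

The server's stored verifier is the HMAC key, so it has to be protected like the password itself; the exchange also does not authenticate the server or the page that delivers the client-side code, which is what https provides.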