I am reading the django book. I just finished the chapter on authentication. I get the jist of it. What I don't understand is the overall security of authentication. If everything you do is passed as plain text then it isn't very secure. Okay so https comes in. What I don't understand is when to use it and when not to. It seems like if you authenticate over https just for user credentials and then go back to http (like yahoo) than someone could just ease drop your cookie and be you, making logging in and out in any form pointless?
-- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
