On Dec 18, 2009, at 7:58 PM, macdd wrote: > I am reading the django book. I just finished the chapter on > authentication. I get the jist of it. What I don't understand is the > overall security of authentication. If everything you do is passed as > plain text then it isn't very secure. Okay so https comes in. What I > don't understand is when to use it and when not to. It seems like if > you authenticate over https just for user credentials and then go back > to http (like yahoo) than someone could just ease drop your cookie and > be you, making logging in and out in any form pointless? >
We use https for all our authenticated pages. Our primary concern was packet capture on public WiFi connections. -- Eric Chamberlain, Founder RF.com - http://RF.com/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
