Re: authentication security

On Dec 18, 2009, at 7:58 PM, macdd wrote:

> I am reading the django book. I just finished the chapter on
> authentication. I get the jist of it. What I don't understand is the
> overall security of authentication. If everything you do is passed as
> plain text then it isn't very secure. Okay so https comes in. What I
> don't understand is when to use it and when not to. It seems like if
> you authenticate over https just for user credentials and then go back
> to http (like yahoo) than someone could just ease drop your cookie and
> be you, making logging in and out in any form pointless?
>

We use https for all our authenticated pages.

Our primary concern was packet capture on public WiFi connections.

--
Eric Chamberlain, Founder
RF.com - http://RF.com/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.