The password is not encrypted at django admin login page
Hello, I started using the Django framework recently. One thing that is bothering me is when I log in from the admin page. The password is being sent in plain text format without any encryption. Is it normal? IMHO, shouldn't the password be encrypted before being sent over the network?
django django-admin
2
No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.
– Serafeim
Nov 16 '18 at 22:09
asked Nov 16 '18 at 21:54
Odgiiv
1 Answer
What would encrypt the password? The browser would.
What built-in encryption exists for the browser? TLS/SSL.
How to activate that encryption? By using https instead of http.
That would result in the communication between the browser and the server being encrypted.
In a prod environment you can use Let's Encrypt to create an SSL certificate. Your local dev environment does not need it.
answered Nov 17 '18 at 1:42
rikAtee
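The answer's advice expressed as Django settings, as an added example that is not part of the original answer: the setting names are Django's own, while `audit_transport` and the two sample configurations are constructed here. It compares a production settings module left at the defaults with one that keeps the admin login, session cookie and CSRF cookie on https.

```python
# Added example, not code from the answer. Setting names are Django's own;
# audit_transport() and both sample configurations are constructed here.

# Django's shipped defaults for the transport-related settings (all off).
DJANGO_DEFAULTS = {
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_HSTS_SECONDS": 0,
}

# Constructed sample: production settings left at the defaults.
WEAK_SETTINGS = {"DEBUG": False}

# Constructed sample: production settings that keep the admin login on https.
HARDENED_SETTINGS = {
    "DEBUG": False,
    "SECURE_SSL_REDIRECT": True,      # SecurityMiddleware redirects http to https
    "SESSION_COOKIE_SECURE": True,    # session cookie is only sent over https
    "CSRF_COOKIE_SECURE": True,       # CSRF cookie is only sent over https
    "SECURE_HSTS_SECONDS": 31536000,  # browser refuses plain http for one year
}

REASONS = {
    "SECURE_SSL_REDIRECT": "http requests are not redirected to https",
    "SESSION_COOKIE_SECURE": "the admin session cookie may travel over http",
    "CSRF_COOKIE_SECURE": "the CSRF cookie may travel over http",
    "SECURE_HSTS_SECONDS": "the browser is never told to insist on https",
}


def audit_transport(settings):
    """Map each setting that still permits plain http to the reason it matters."""
    effective = {**DJANGO_DEFAULTS, **settings}
    return {name: why for name, why in REASONS.items() if not effective[name]}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        findings = audit_transport(cfg)
        print(label, "->", "ok" if not findings else "findings:")
        for name, why in findings.items():
            print(f"  {name}: {why}")
```

Django's own `python manage.py check --deploy` reports the same settings against a real project. A redirect only helps after the first request has arrived, which is why the HSTS setting is listed alongside it.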