The password is not encrypted at django admin login page





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















Hello I started using django framework recently. One thing that is bothering me is when I login from admin page. The password is being sent in plain text format without any encryption. Is it normal? IMHO shouldn't the password be encrypted before sent over network?










share|improve this question


















  • 2





    No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

    – Serafeim
    Nov 16 '18 at 22:09


















0















Hello I started using django framework recently. One thing that is bothering me is when I login from admin page. The password is being sent in plain text format without any encryption. Is it normal? IMHO shouldn't the password be encrypted before sent over network?










share|improve this question


















  • 2





    No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

    – Serafeim
    Nov 16 '18 at 22:09














0












0








0








Hello I started using django framework recently. One thing that is bothering me is when I login from admin page. The password is being sent in plain text format without any encryption. Is it normal? IMHO shouldn't the password be encrypted before sent over network?










share|improve this question














Hello I started using django framework recently. One thing that is bothering me is when I login from admin page. The password is being sent in plain text format without any encryption. Is it normal? IMHO shouldn't the password be encrypted before sent over network?







django django-admin






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 16 '18 at 21:54









OdgiivOdgiiv

4161728




4161728








  • 2





    No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

    – Serafeim
    Nov 16 '18 at 22:09














  • 2





    No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

    – Serafeim
    Nov 16 '18 at 22:09








2




2





No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

– Serafeim
Nov 16 '18 at 22:09





No. This is the expected behavior; every framework works like this. That's the reason that nowadays https is required for all login pages; to avoid sending the password over plain text.

– Serafeim
Nov 16 '18 at 22:09












1 Answer
1






active

oldest

votes


















1














What would encrypt the password? The browser would.



What built-in encryption exists for the browser? TLS/SSL.



How to activate that encryption? By using https instead of http.



That would result in the communication between the browser and the server being encrypted.



In prod environment you can use letsencrypt to create an SSL certificate. Your local Dev environment does not need it.






share|improve this answer
























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345936%2fthe-password-is-not-encrypted-at-django-admin-login-page%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    What would encrypt the password? The browser would.



    What built-in encryption exists for the browser? TLS/SSL.



    How to activate that encryption? By using https instead of http.



    That would result in the communication between the browser and the server being encrypted.



    In prod environment you can use letsencrypt to create an SSL certificate. Your local Dev environment does not need it.






    share|improve this answer




























      1














      What would encrypt the password? The browser would.



      What built-in encryption exists for the browser? TLS/SSL.



      How to activate that encryption? By using https instead of http.



      That would result in the communication between the browser and the server being encrypted.



      In prod environment you can use letsencrypt to create an SSL certificate. Your local Dev environment does not need it.






      share|improve this answer


























        1












        1








        1







        What would encrypt the password? The browser would.



        What built-in encryption exists for the browser? TLS/SSL.



        How to activate that encryption? By using https instead of http.



        That would result in the communication between the browser and the server being encrypted.



        In prod environment you can use letsencrypt to create an SSL certificate. Your local Dev environment does not need it.






        share|improve this answer













        What would encrypt the password? The browser would.



        What built-in encryption exists for the browser? TLS/SSL.



        How to activate that encryption? By using https instead of http.



        That would result in the communication between the browser and the server being encrypted.



        In prod environment you can use letsencrypt to create an SSL certificate. Your local Dev environment does not need it.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 17 '18 at 1:42









        rikAteerikAtee

        4,97553059




        4,97553059
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53345936%2fthe-password-is-not-encrypted-at-django-admin-login-page%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Bressuire

            Vorschmack

            Quarantine