At the 11th hour before the new site is to go online, we are suddenly unsure that using clear-text passwords is adequate.
Currently the web site has a few pages that will be readable by anyone. If someone wants to see more, or download content, they have to establish an account. This is free, they just enter a username and email address and django sends them their password. Nobody is involved in setting up new accounts. Some people may unthinkingly use a password for something important for this web site, just because it's something they already remember. To avoid the risk of a password sniffer, it would be nice to encrypt the password in transit. Following the apache authentication results in a web site which is completely protected - there are _no_ available pages until login occurs. That won't work. Short of setting up a second server (one for completely open pages, the other for pages requiring authentication), is there a reasonably straightforward way to send passwords in encrypted form? This is currently on V0.95. Thanks for all your insights! -f --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
