Django Book Translation
Original:
Notice that none of those principles and tools prevents man-in-the-middle attacks. These types of attacks are nearly impossible to detect. If your site allows logged-in users to see any sort of sensitive data, you should *always* serve that site over HTTPS. Additionally, if you have an SSL-enabled site, you should set the ``SESSION_COOKIE_SECURE`` setting to ``True`` ; this will make Django only send session cookies over HTTPS.
Translation:
Note that none of the principles and tools above can prevent man-in-the-middle attacks. These types of attack are nearly impossible to detect. If your site allows logged-in users to view any kind of sensitive data, you should *always* serve the site over HTTPS. In addition, if your site uses SSL, you should set ``SESSION_COOKIE_SECURE`` to ``True``; this makes Django send the session cookie only over HTTPS.
Notes:
Translator:
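The following is an added example, not code from the Django Book or from Django itself. It audits a settings dictionary for the advice above and models the effect of ``SESSION_COOKIE_SECURE`` on the ``Set-Cookie`` header and on whether a browser would attach the session cookie to a plain-HTTP request. The ``Set-Cookie`` rendering and the browser model are simplified illustrations (assumptions), not Django's own cookie code; the setting names, their defaults and the default cookie name ``sessionid`` are real Django settings.

```python
# Added example: audit Django session-cookie settings against the page's advice.
# Not part of the Django Book or Django; the cookie rendering below is a model.

# Constructed sample: an HTTPS site that left SESSION_COOKIE_SECURE at its default.
INSECURE_SETTINGS = {
    "SESSION_COOKIE_SECURE": False,   # Django default
    "SESSION_COOKIE_HTTPONLY": True,  # Django default
}

# The hardened form the text recommends for an SSL-enabled site.
HARDENED_SETTINGS = {
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
}


def audit_session_cookie(settings: dict, served_over_https: bool) -> list[str]:
    """Return a list of findings; an empty list means the settings match the advice."""
    findings = []
    if not served_over_https:
        findings.append(
            "site is not served over HTTPS: logged-in traffic, including the "
            "session cookie, is readable and modifiable by an on-path attacker"
        )
    if served_over_https and not settings.get("SESSION_COOKIE_SECURE", False):
        findings.append(
            "SESSION_COOKIE_SECURE is False: the browser will also send the "
            "session cookie on plain-HTTP requests to this host"
        )
    if not settings.get("SESSION_COOKIE_HTTPONLY", True):
        findings.append(
            "SESSION_COOKIE_HTTPONLY is False: page scripts can read the session cookie"
        )
    return findings


def render_set_cookie(settings: dict, session_key: str) -> str:
    """Simplified model of the Set-Cookie header Django would emit for the session.

    Assumption: only the attributes relevant here are shown (no Expires/SameSite).
    """
    attrs = [f"sessionid={session_key}", "Path=/"]
    if settings.get("SESSION_COOKIE_HTTPONLY", True):
        attrs.append("HttpOnly")
    if settings.get("SESSION_COOKIE_SECURE", False):
        attrs.append("Secure")
    return "; ".join(attrs)


def browser_sends_cookie(set_cookie_header: str, request_is_https: bool) -> bool:
    """Model of browser behaviour: a cookie carrying the Secure attribute is only
    attached to HTTPS requests, so a downgraded HTTP request carries no session."""
    attrs = {a.strip().lower() for a in set_cookie_header.split(";")[1:]}
    if "secure" in attrs and not request_is_https:
        return False
    return True


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        header = render_set_cookie(cfg, "constructed-session-key")
        print(f"{name}: {header}")
        print("  findings:", audit_session_cookie(cfg, served_over_https=True))
        print("  sent over http? ", browser_sends_cookie(header, request_is_https=False))
```

The point the model makes explicit: even on an HTTPS-only deployment, a single link, image or redirect that hits ``http://`` would carry the session cookie in the clear unless the ``Secure`` attribute is set, which is exactly what ``SESSION_COOKIE_SECURE = True`` adds.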