How to enable https in Django-auth generated pages?

Question

Using the Django-auth application (Django version 1.3), I want to have my login page go to https://mysite.com/login/. Currently, I\'m using:

# urls.         


        

Answer 1

As seen in other StackOverflow questions, you could implement middleware that would automatically redirect the login page to a secure version.

If you are really serious about security, you should probably migrate the entire website to SSL. From the EFF's How to Deploy HTTPS Correctly:

You must serve the entire application domain over HTTPS. Redirect HTTP requests with HTTP 301 or 302 responses to the equivalent HTTPS resource.

Some site operators provide only the login page over HTTPS, on the theory that only the user’s password is sensitive. These sites’ users are vulnerable to passive and active attack.