From 800e250d128c8acf488167ba649c7c558d15f249 Mon Sep 17 00:00:00 2001 From: Marc Brinkmann Date: Sat, 22 Feb 2014 16:55:04 +0100 Subject: [PATCH] Update README.rst with some notes on security. This closes #7. --- README.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.rst b/README.rst index ca03486..d66d15b 100644 --- a/README.rst +++ b/README.rst @@ -62,3 +62,15 @@ Install Installation is simple too:: $ pip install Flask-SSLify + + +Security consideration using basic auth +--------------------------------------- + +When using basic auth, it is important that the redirect occurs before the user is prompted for +credentials. Flask-SSLify registers a ``before_request`` handler, to make sure this handler gets +executed before credentials are entered it is advisable to not prompt for any authentication +inside a ``before_request`` handler. + +The example found at http://flask.pocoo.org/snippets/8/ works nicely, as the view function's +decorator will never have an effect before the ``before_request`` hooks are executed.
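
Review bot: The second sentence of the first added paragraph ("Flask-SSLify registers a ``before_request`` handler, to make sure this handler gets executed before credentials are entered it is advisable ...") is a comma splice that buries the actual recommendation. Split it after "handler" and start a new sentence with "To make sure this handler gets executed before credentials are entered, ...". The paragraph also says the redirect must occur before the user is prompted, but never states the consequence if it does not. One added sentence would give readers the reason: credentials entered before the redirect are sent over the unencrypted connection. Finally, "it is advisable to not prompt for any authentication inside a ``before_request`` handler" leaves applications that already authenticate in a ``before_request`` hook without guidance. Consider saying whether registering that hook after Flask-SSLify's is sufficient, or state that the pattern should be avoided entirely. The heading would also read better as "Security considerations when using basic auth".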