Basic Authentication
Lightweight approach to WebApp HTTP authentication (the one that automatically pops up a login box). The username and password are encoded, but only with base64, which is brainless to decode, so it doesn't offer any real Security.
- Though I suppose you could do Basic Authentication over SSL. But then every page would have to use SSL, unless you issue an (encrypted) domain-wide Web Cookie.
- http://www.w3.org/Protocols/HTTP/1.0/spec.html#BasicAA
The id/pw is re-submitted with every request to that domain/host/port (realm?) until the browser quits.
- There is no "logout" function possible.
- If you want to run multiple servers on different ports/hosts, that id can't follow along.
- You don't have a pretty login form to provide context around the fields themselves.
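A server-side sketch of the points above, added here as an example and not taken from the original page: it parses the Authorization header (showing that base64 needs no key to reverse), issues the realm challenge, and refuses to handle credentials on a non-SSL connection. The realm name, the user table, the UTF-8 assumption and the 403-on-plain-HTTP policy are all assumptions of this sketch.

```python
import base64
import binascii
import hmac

REALM = "example"                       # constructed realm name
USERS = {"alice": "s3cret:with:colon"}  # constructed; real servers store password hashes


def parse_basic(header):
    """Return (userid, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic" or not blob.strip():
        return None
    try:
        # base64 is an encoding, not encryption: no key is involved here.
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only; the password itself may contain colons.
    userid, sep, password = text.partition(":")
    return (userid, password) if sep else None


def verify(userid, password):
    """Constant-time comparison against the constructed user table."""
    expected = USERS.get(userid)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def check_request(header, is_tls):
    """Return (status, response_headers, userid) for one request."""
    if not is_tls:
        # Sketch policy: never challenge on plain HTTP, so the browser is not
        # prompted to send decodable credentials in the clear.
        return 403, {}, None
    creds = parse_basic(header)
    if creds is None or not verify(*creds):
        return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None
    return 200, {}, creds[0]


if __name__ == "__main__":
    sample = "Basic " + base64.b64encode(b"alice:s3cret:with:colon").decode()
    print(parse_basic(sample))
    print(check_request(sample, is_tls=False))
    print(check_request(None, is_tls=True))
    print(check_request(sample, is_tls=True))
```

Because the browser re-sends the same header on every request in the realm, `check_request` has to run on every request; there is no session to end, which is why no "logout" exists.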
The problem with non-Basic Authentication models of WebApp login:
- There's no real standard of how to "do it" (patterns of user interface, or data management).
- So automated tools (e.g. RssAggregator) can't log in (or am I wrong?).
- Note there is some agreement on the XmlRpc model.
You probably want to support both models together. But I don't think this can be done all that smoothly...