Forum OpenACS Development: HTTP Auth
I have a client that may be interested in using it to allow authenticated automated downloads with curl.
Last time I looked and implemented http auth, it was recommended to only allow http auth over SSL. Does anyone know if this is still a recommended practice?
I cannot comment on the status of the package, but I feel confident about telling you that SSL recommendation still holds, because once the token is issued, everybody being able to sniff it over the connection could get access to the server.