Forum OpenACS Q&A: Re: Password in ClearText
For actual human beings using an OpenACS website, AFAICT SSL on the login page is by far the best solution, and OpenACS already has a very good solution for this, and indeed has had it for many years, since at least ACS 4.0 if not earlier. Andrew S. seems to dislike SSL for this and states that he would prefer Digest auth. without SSL as the default for the login page. Frankly, I don't understand why, his expressed preference there makes no sense at all as far as I can see.
I don't know enough about Digest Auth. to understand Tom's argument that it has different semantics than OpenACS login and so can't work for OpenACS login. If someone could explain that, I'd like to hear it.