[erlang-questions] web authentication

Garrett Smith g@REDACTED
Mon Jul 11 19:16:03 CEST 2011


On Fri, Jul 8, 2011 at 11:20 PM, Jon Watte <jwatte@REDACTED> wrote:

> 2) Use Basic-auth over HTTP -- this sends name and password,
> base-64-encoded.

This is surely a typo. You can't say "HTTP" and expect people to read
"HTTP + TLS".

For simple web auth, I routinely use basic auth, but only ever over
HTTPS. This doesn't work, however, if you need to control sessions or
let users log out. It's just a quick and dirty way to control who can
see what.

Garrett
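
Added example, not part of the original message or of any Erlang web framework: a minimal server-side check that refuses Basic credentials on plaintext HTTP and parses the header defensively. The module name, the `Transport` argument and the `Verify` fun are assumptions made for illustration.

```erlang
-module(basic_auth_example).
-export([check/3, demo/0]).

%% Transport: http | https, as reported by the listener (assumed input).
%% Header: raw Authorization value (binary) or undefined.
%% Verify(User, Pass) -> boolean() is a hypothetical credential check.
check(http, _Header, _Verify) ->
    %% Base64 is an encoding, not encryption: refuse on plaintext.
    {error, tls_required};
check(https, undefined, _Verify) ->
    {error, challenge};   % caller replies 401 + WWW-Authenticate: Basic
check(https, Header, Verify) when is_binary(Header) ->
    case binary:split(Header, <<" ">>) of
        [Scheme, Encoded] ->
            case string:lowercase(Scheme) of   % scheme is case-insensitive
                <<"basic">> -> decode(Encoded, Verify);
                _ -> {error, challenge}
            end;
        _ -> {error, challenge}
    end.

decode(Encoded, Verify) ->
    try base64:decode(Encoded) of
        Decoded ->
            %% Split on the first colon only: passwords may contain ":".
            case binary:split(Decoded, <<":">>) of
                [User, Pass] ->
                    case Verify(User, Pass) of
                        true -> {ok, User};
                        false -> {error, challenge}
                    end;
                _ -> {error, challenge}
            end
    catch
        _:_ -> {error, challenge}   % malformed base64
    end.

%% Constructed sample input; a real Verify checks a stored password hash.
demo() ->
    Verify = fun(U, P) -> U =:= <<"alice">> andalso P =:= <<"s3cr:et">> end,
    Hdr = <<"Basic ", (base64:encode(<<"alice:s3cr:et">>))/binary>>,
    [check(http, Hdr, Verify),
     check(https, undefined, Verify),
     check(https, Hdr, Verify),
     check(https, <<"Basic !!!">>, Verify)].
```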


