If you are reading up on it, then you would know its not
username/password form.
It is passed in the http header for every request. This is usually
done by the underlying web server for you, but you can handle this
yourself in CFML if you really want.
A better approach is not to send the password at all, but instead an MD5
version of it.
On 24/07/2012 21:46, Jason King wrote:
Hi Peter,
I'm reading up on http authentication, and maybe I just need it to digest.
I understand how it passes creates the user/pass string and passes it
and decodes it, and if I want true encryption to use SSL..
BUT, is it just passing a username/password form field? My app has a
username/password database. Would I just use the username/password
values sent via httpAuth the same I would if someone submitted
username/password via a form field?
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
