| the server. The in-between hacker would retrieve the encoded password as it
| is sent to the server and simply pass that as the password - he doesn't ever
| need to know your undencoded password to break in, since the server expects
| it to be encoded anyway!
and what about those guys who visit your site, download your page with the
can be decrypted?
| So you're only left with SSL for proper security...
Yes. SSL must be developed for reasons of this kind.
| HTTP_AUTH is just another way of sending the unsername and password as plain
| text -- it's just more comfortable to use than checking if you have proper
| credeintials in every page. My personal recommendation is to forget about
| HTTP_AUTH and use SSL plus phplib for proper security.