I've read various threads on this topic, and I'm aware that web2py doesn't provide Digest Auth. I need to expose an http service to mobile applications. The users should set a password on its own device and it will be used transparently to access the services. For various reasons I cannot use HTTPS, so I need to setup an authentication method, like Digest, that can provide a confidential layer on an unsecure channel. Do you have web2py best practices to do that? Maybe using a third- party middleware?
thanks, giovanni
