☺唐鳳☻
and 1 contributors

NAME

RTx::MD5Auth - Secure login over an unsecure http channel

DESCRIPTION

I've came across Atom's choice of using WSSE profile as the authentication mechanism, and think that it's very well suited to RT's REST layer:

    http://www.xml.com/lpt/a/2003/12/17/dive.html

It solves the frequent need of avoiding password sniffing over a non-SSL channel.

After discussion with Abhijit and Jesse, I've settled for passing auth_digest, auth_nonce and auth_created as request arguments, and implemented a Javascript-based login in the WebUI.