☺唐鳳☻ and 1 contributor


RTx::MD5Auth - Secure login over an unsecure http channel


I've come across Atom's choice of using the WSSE profile as its authentication mechanism, and think that it's very well suited to RT's REST layer:

It solves the frequent need of avoiding password sniffing over a non-SSL channel.

After discussion with Abhijit and Jesse, I've settled on passing auth_digest, auth_nonce and auth_created as request arguments, and implemented a JavaScript-based login in the WebUI.
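
The exchange described above, as an added example (not code from RTx::MD5Auth): the client derives auth_digest from the password, auth_nonce and auth_created, and the server checks freshness, nonce reuse and the digest. The digest construction (hex MD5 over nonce + created + password, modelled on WSSE's PasswordDigest), the five-minute window and all function names are assumptions.

```javascript
const crypto = require('crypto');

// Assumed construction, modelled on WSSE PasswordDigest with MD5 swapped in:
// digest = hex(MD5(nonce + created + password)). Not taken from RTx::MD5Auth.
function makeDigest(nonce, created, password) {
  return crypto.createHash('md5')
    .update(nonce + created + password, 'utf8')
    .digest('hex');
}

// Client side: build the three request arguments named on the page.
function buildAuthArgs(password, now = new Date()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const created = now.toISOString();
  return {
    auth_nonce: nonce,
    auth_created: created,
    auth_digest: makeDigest(nonce, created, password),
  };
}

// Server side: check freshness, reject reused nonces, compare in constant time.
// lookupPassword(user) is a hypothetical callback returning the stored password.
function makeVerifier(lookupPassword, maxSkewMs = 5 * 60 * 1000) {
  const seen = new Map(); // nonce -> time (ms) after which it can be forgotten
  return function verify(user, args, now = new Date()) {
    const t = now.getTime();
    for (const [n, exp] of seen) if (exp <= t) seen.delete(n);
    const { auth_nonce, auth_created, auth_digest } = args;
    if ([auth_nonce, auth_created, auth_digest].some((v) => typeof v !== 'string')) {
      return 'denied';
    }
    const created = Date.parse(auth_created);
    if (Number.isNaN(created) || Math.abs(t - created) > maxSkewMs) return 'stale';
    if (seen.has(auth_nonce)) return 'replay';
    const password = lookupPassword(user);
    if (password === undefined) return 'denied';
    const expected = Buffer.from(makeDigest(auth_nonce, auth_created, password));
    const given = Buffer.from(auth_digest);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return 'denied';
    }
    // Remember the nonce until its timestamp would be rejected as stale anyway.
    seen.set(auth_nonce, created + maxSkewMs);
    return 'ok';
  };
}
```

The server has to hold the plaintext password (or an equivalent secret) to recompute the digest, and replay protection only holds if the nonce cache persists for the whole freshness window.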