Yes, but you won't send your credentials in plane text as you do with CookieCrumble, will you?
Well, its more or less exactly the same as with BasicAuth :-) (base64 plaintext vs. plaintext in html forms does not really matter) Yes, but if you set only the authentication header in https and manually came back to http, then will you send your password in plain text?
---------------------------------------------------------- https://some_url/folder1/index_html
GET /folder1/index_html HTTP/1.1 Host: some_ip User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Authorization: Basic YWRtaW46Zm9vcGFzcw==
HTTP/1.x 200 OK Date: Fri, 23 Jun 2006 12:02:34 GMT Server: Zope/(Zope 2.7.8-final, python 2.3.5, linux2) ZServer/1.1 Content-Length: 156 Content-Type: text/html X-Zopeuser: admin Keep-Alive: timeout=5, max=100 Connection: Keep-Alive ----------------------------------------------------------
nice password btw ;) Yes, a test password off course ;-). Will this being sent encrypted?