Keep in mind that this method means that clear-text passwords are going
out across the net, so you should be running on an SSL server if you
have severely confidential information.
Basic HTTP authorization does base64 encode username and password
information. It provides some extra security against packet sniffers
since it is more difficult to recognize the data (the telnet protocol
uses a simliar technique when sending passwords). However, SSL is
definitely more secure since all data is encrypted, but performance
does suffer.
Using SSL depends on how secure you want your server, if you
want to go thru the hassle of getting a certificate, and how
concerned you are about performance.
--ewh
