Basic authentication within SSL connection is actually pretty secure, but not
very user-friendly. For instance, digest authentication is actually less
secure, because it forces you to store passwords in plaintext.
Form authentication, like everything inside the webpage, is better be left to a
We have an internal site that uses basic authentication and is backed by LDAP.
However, we would like to move to a more secure solution that uses a login page
instead of the browser prompt for entering userid/password. We switched to
using form authentication, but it passes credentials as
