Using basic user authentication via plain text passwords is not a terribly effective approach. After all, if someone really wants to break into a restricted access directory or file, all they have to do is use a network sniffer and capture the username/password combination as it's passed in clear text across the network connection. There is an alternative to plain text passwords, however, and it's called digest authentication.

Digest authentication uses a cryptographic hash function known as MD5 to create a password hash that is sent in place of the plain text password. In addition to the hash, the client also sends the URL, the MD5 method used to create the hash (there are several), and a nonce. A nonce is simply a number the server sends the client, which is different each time. The client uses this number to build the password hash, thus making it unique with each request. This serves to protect against replay attacks.

Next, take a look at a digest authentication transaction in action.