“HTTP/1.0”, includes the specification for a Basic Access
Authentication scheme. This scheme is not considered to be a secure
method of user authentication (unless used in conjunction with some
external secure system such as SSL [5]), as the user name and
password are passed over the network as cleartext.

This document also provides the specification for HTTP’s
authentication framework, the original Basic authentication scheme
and a scheme based on cryptographic hashes, referred to as “Digest
Access Authentication”. It is therefore also intended to serve as a
replacement for RFC 2069 [6]. Some optional elements specified by
RFC 2069 have been removed from this specification due to problems
found since its publication; other new elements have been added for
compatibility, those new elements have been made optional, but are
strongly recommended.