I am developing an application which need to handle a massive amount of REST requests. Using basic auth will save a lot of computing resources since I don't have to compute the signatures. Also, the documentation will be a lot simpler. What are your thoughts?
+3
A:
Yes. Basic Auth over SSL is actually stronger than Digest without SSL.
However, the overhead of SSL is much higher compared to computing hashes so there is no performance gain there.
ZZ Coder
2009-12-03 04:34:23
My goal is to make everything as simple as it can. So after reading your answer, I will go for basic auth + ssl! Thanks!
TP
2009-12-03 04:42:17
From application design point of view, the SSL overhead is not important - SSL offload cards can be easily used without changing the application code, whereas inefficient programming can not be fixed easily later.
martin
2009-12-03 08:31:57