<P> For example, if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64 - encoding of Aladdin: OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l . Then the Authorization header will appear as: </P> <P> Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l </P> <P> A client may avoid a login prompt when accessing a basic access authentication by prepending username: password @ to the hostname in the URL . For example, the following would access the page index. html at the web site www.example.com with the secure HTTPS protocol and provide the username Aladdin and the password OpenSesame credentials via basic authorization: </P> <P> This has been deprecated by RFC 3986: Use of the format "user: password" in the userinfo field is deprecated . Some modern browsers thus no longer support URL encoding of basic access credentials . This prevents passwords from being sent and seen prominently in plain text, and also eliminates confusing URLs like </P>

Does http basic access authentication provide the required security services