Please provide an HTTP interface. Enforcing digest auth in the way it is done atm means restricting to one user and one password — which is not very secure at all, besides Apache claiming digest being even less secure than basic auth¹. Running Heritrix behind a proxy providing basic auth by itself and offloading the TLS makes this enforcement just a waste of computation power and developer time.
Thank you!
Footnotes

¹ This module implements HTTP Digest Authentication (RFC2617), and provides an alternative to mod_auth_basic where the password is not transmitted as cleartext. However, this does not lead to a significant security advantage over basic authentication. On the other hand, the password storage on the server is much less secure with digest authentication than with basic authentication. Therefore, using basic auth and encrypting the whole connection using mod_ssl is a much better alternative. (src)
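The footnote's point about server-side storage can be shown concretely. The following is an added example, not code from the Heritrix project or from this issue: it implements the RFC 2617 digest computation (qop="auth") and a PBKDF2-based verifier for a Basic password, then shows that the record a digest server must keep (HA1 = MD5(user:realm:password)) is by itself enough to answer any challenge, while the salted slow hash a Basic-over-TLS server stores is not usable as a credential. The realm, user, nonce values and the `/engine` URI in `demo()` are constructed sample inputs; the `rfc2617_vector_check()` function uses the worked example from RFC 2617 section 3.5.

```python
"""Added example (not part of the Heritrix issue or project): what a server
must store to verify HTTP Digest (RFC 2617) versus Basic auth over TLS.
Realm, user, nonce and password values below are constructed for illustration."""
import hashlib
import hmac
import os

REALM = "heritrix-admin"  # constructed realm for the example


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


# ---- Digest (RFC 2617, qop="auth") -------------------------------------------
def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). A digest server must keep HA1 (or the
    plaintext password) to check responses. It is unsalted, fast MD5, and it
    is sufficient on its own to produce valid responses for that user/realm."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """Client-side response = MD5(HA1:nonce:nc:cnonce:qop:HA2). Note the
    password itself is never needed here, only HA1."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_verify(stored_ha1: str, method: str, uri: str, nonce: str, nc: str,
                  cnonce: str, response: str) -> bool:
    """Server-side check against the stored HA1 (constant-time compare)."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def rfc2617_vector_check() -> bool:
    """Re-derive the worked example from RFC 2617 section 3.5 to show the
    digest functions above are correct."""
    ha1 = digest_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    resp = digest_response(ha1, "GET", "/dir/index.html",
                           "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b")
    return resp == "6629fae49393a05397450978507c4ef1"


# ---- Basic over TLS -----------------------------------------------------------
def basic_store(password: str, iterations: int = 200_000) -> dict:
    """Server keeps a random salt plus a slow salted hash. Because the password
    travels in the (TLS-protected) request, the server never needs a
    password-equivalent value at rest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "hash": dk, "iterations": iterations}


def basic_verify(record: dict, password: str) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


def demo() -> dict:
    user, password = "admin", "correct horse battery staple"  # constructed
    nonce, nc, cnonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    uri = "/engine"  # sample URI for the example

    # Digest: whoever holds the stored HA1 can answer a fresh challenge
    # without ever learning the password, so a leaked digest store is
    # equivalent to a leaked password list for that realm.
    stored_ha1 = digest_ha1(user, REALM, password)
    resp_from_ha1_only = digest_response(stored_ha1, "GET", uri, nonce, nc, cnonce)
    digest_ok = digest_verify(stored_ha1, "GET", uri, nonce, nc, cnonce, resp_from_ha1_only)
    digest_tampered = digest_verify(stored_ha1, "GET", uri, nonce, nc, cnonce, "0" * 32)

    # Basic over TLS: the stored record verifies the real password but is not
    # itself accepted as a credential, so a leak still requires cracking PBKDF2.
    record = basic_store(password)
    return {
        "digest_ok": digest_ok,
        "digest_tampered": digest_tampered,
        "basic_ok": basic_verify(record, password),
        "basic_wrong": basic_verify(record, "wrong password"),
        "stored_hash_not_a_credential": not basic_verify(record, record["hash"].hex()),
    }


if __name__ == "__main__":
    print("RFC 2617 vector:", rfc2617_vector_check())
    print(demo())
```

The practical reading: a digest deployment forces the server to hold MD5-based, password-equivalent material for every account, whereas Basic behind TLS lets the server keep only a salted, slow hash, which is exactly the storage argument the Apache documentation quoted above makes.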
I would accept a pull request that added options to disable TLS and authentication provided they had suitably scary names. I would advise extreme care when disabling authentication, even if firewalled or bound to localhost, as the Heritrix UI allows execution of arbitrary code.
Also agree that since digest auth is deprecated it would be nice if basic was supported too.