Basic authentication shouldn't be enabled by default, I think, but we could let it as an option for the user.
Rationale is that if we're using the hawk tokens with Basic auth in a non-ssl environment, then we leak them pretty badly, so we shouldn't allow that without yelling at the user.
Another way to solve the problem is to ditch out completely the Basic Auth support, or maybe call out users to not rely on that in the documentation.
Basic authentication shouldn't be enabled by default, I think, but we could let it as an option for the user.
Rationale is that if we're using the hawk tokens with Basic auth in a non-ssl environment, then we leak them pretty badly, so we shouldn't allow that without yelling at the user.
Another way to solve the problem is to ditch out completely the Basic Auth support, or maybe call out users to not rely on that in the documentation.