Brian

However, digest authentication still must occur over an SSL channel using signed server certificates in order to avoid man-in-the-middle attacks. A man-in-the-middle can force clients into basic authentication, gain access to the MD5 hash of the authentication credentials, and alter the request/response payload.
The REST API Design Handbook
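
The downgrade described in the quote can be refused on the client side. The following is an added example, not code from the book: it assumes the client knows in advance that the API uses digest authentication, and the function names, URL and header values are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit


class AuthPolicyError(Exception):
    """Raised when the challenge does not meet the client's pinned policy."""


# Quoted parameter values can contain commas or scheme-like words; blank them first.
_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A scheme is a token at the start of a challenge that is not a key=value parameter.
_SCHEME = re.compile(r'(?:^|,)\s*([A-Za-z][A-Za-z0-9_-]*)(?=\s+[^=\s,]|\s*(?:,|$))')


def offered_schemes(header_values):
    """Return the lower-cased auth schemes found in WWW-Authenticate values."""
    schemes = []
    for value in header_values:
        bare = _QUOTED.sub('""', value)
        schemes += [name.lower() for name in _SCHEME.findall(bare)]
    return schemes


def choose_scheme(url, header_values, expected="digest"):
    """Pick the pinned scheme, or fail closed instead of falling back to Basic."""
    if urlsplit(url).scheme != "https":
        raise AuthPolicyError("refusing to authenticate over a non-TLS channel")
    schemes = offered_schemes(header_values)
    if expected not in schemes:
        # A 401 that suddenly offers only Basic is treated as a possible downgrade.
        raise AuthPolicyError(
            f"server offered {schemes or 'nothing'}, expected {expected}"
        )
    return expected


if __name__ == "__main__":
    # Constructed sample challenges (not captured traffic).
    digest = ['Digest realm="api, Basic", nonce="abc", qop="auth", algorithm=MD5']
    basic_only = ['Basic realm="api"']
    print(choose_scheme("https://api.example.test/v1", digest))
    try:
        choose_scheme("https://api.example.test/v1", basic_only)
    except AuthPolicyError as err:
        print("blocked:", err)
```

This check only stops the silent fallback to Basic; certificate validation on the TLS connection is still what keeps an intermediary from reading or altering the exchange.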