1) The hash algorithm must be MD5
2) The server must store the plain-text password or MD5(username:realm:password)
Storing plain-text passwords is problematic because if your database is ever compromised, all account passwords are exposed. Storing the MD5 hash is also problematic because you cannot rename the Realm in the future and you cannot use a different salt per account.
I'm going to look into using HTTP-Basic over SSL instead.
[Message sent by forum member 'cowwoc' (cowwoc)]
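
The realm constraint described in the post above, as an added example that is not part of the original message: it assumes the RFC 2617 `qop=auth` response formula, and the function names, account, realms and nonces are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # The only non-plaintext form the server may store for HTTP Digest.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1, method, uri, nonce, nc, cnonce, response):
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def realm_rename_demo():
    # Constructed sample account and request values.
    user, password = "alice", "correct horse"
    request = ("GET", "/reports", "constructed-nonce", "00000001", "constructed-cnonce")

    # At signup the server keeps only HA1, bound to the realm of that day.
    db = {user: ha1(user, "intranet", password)}

    # Client answers a challenge for the original realm: verifies.
    before = server_verify(
        db[user], *request,
        digest_response(ha1(user, "intranet", password), *request))

    # Server now advertises a renamed realm; the client hashes with it.
    # The stored HA1 cannot be recomputed without the plain-text password,
    # so every existing account stops verifying.
    after = server_verify(
        db[user], *request,
        digest_response(ha1(user, "portal", password), *request))
    return before, after


if __name__ == "__main__":
    print(realm_rename_demo())
```
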