The command line option --auth
should tell the client that the user wants to add Basic authentication (or maybe digest) headers to every request.
Once the client has launched it should prompt the user to enter the credentials (we don't want them on the commandline as they'll appear in ps
The use-case is an extension of that for --verify
. If I "hide" the server under https://www.example.com/mysecretchat
I may want to ignore (or better, 404) any requests that do not include a valid authentication header so that the path cannot so easily be discovered.