authenticate_or_request_with_http_digest

authenticate_or_request_with_http_digest(realm = "Application", message = nil, &password_procedure)
public

Security hole in 2.3.2
This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.
Rails 2.3.3 should fix the problem.

Testing HTTP Digest authentication
Testing HTTP Digest authentication is a bit tricky. I wrote a post describing how to accomplish it.
http://lightyearsoftware.com/blog/2009/04/testing-http-digest-authentication-in-rails/
Note also that Digest auth is broken for REST actions using PUT or DELETE. There is an open Lighthouse ticket for this, #2490:
rails.lighthouseapp.com/projects/8994/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete