
Password submission using HTTP Auth

I ran across this page on HTTP Authentication with HTML Forms

Does Dojo abstract HTTP auth at all? How would you use Dojo to implement this sort of thing?

-Arlo

Follow-up

If I were to use Dojox crypto to create a hash of my password, send the hash, and check against password hashes server side, would this be just as good as, if not better security than, HTTP auth?

EDIT:
This may have been a stupid idea. In this situation your hash effectively is a password. If someone intercepted your password hash, they could just submit it just like your client.

I've been looking at this

I've been looking at this article:
HTTP Authentication Schemes

Now, if you just took your username and password, ran them thru MD5 as you do with base64 for basic authentication and sent the result to the server, a hypothetical eavesdropper could obviously record your hashed username and password. When prompted by the server to authenticate himself, he could then simply send your hashed password to get in. This is called a replay attack.

They go on to talk about the solution: Digest Access Authentication

So anyway, what's the best way to authenticate with a Dojo application? In particular:

  • Say I have a ContentPane pointed at myurl.php, I want to make sure someone can't just point at myurl.php and see the content
  • I want to pop-up new windows to other urls that need to authenticate with the original session

alternative challenge-response based approach

Another approach with increased security for the initial password transfer:

http://pajhome.org.uk/crypt/md5/auth.html (scroll down to Alternative System)

regards
--
Roberto Saccon
http://rsaccon.com
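
Added example, not code from any poster in this thread or from Dojo: it contrasts the static-hash login discussed above, where a captured hash replays successfully, with a single-use nonce challenge-response, where the same capture is rejected. HMAC-SHA-256 stands in for the MD5 constructions the linked articles use, and the account, password and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constructed sample account; the server keeps only the password hash.
const users = new Map([['arlo', sha256('correct horse')]]);
const pending = new Map(); // nonce -> { user, expires }

// Constant-time string comparison that tolerates missing values.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Scheme A: the client sends sha256(password). The hash is a password equivalent.
function staticHashLogin(user, sentHash) {
  return safeEqual(users.get(user), sentHash);
}

// Scheme B, step 1: the server issues a random nonce valid for 60 seconds.
function issueChallenge(user, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, { user, expires: now + 60000 });
  return nonce;
}

// Scheme B, step 2: the client answers HMAC(sha256(password), nonce).
function clientResponse(password, nonce) {
  return hmac(sha256(password), nonce);
}

// Scheme B, step 3: the nonce is consumed on the first attempt, pass or fail.
function verifyResponse(user, nonce, response, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce);
  const key = users.get(user);
  if (!entry || !key || entry.user !== user || now > entry.expires) return false;
  return safeEqual(hmac(key, nonce), response);
}

function demo() {
  const captured = sha256('correct horse');               // what an eavesdropper records
  const replayStatic = staticHashLogin('arlo', captured); // accepted: replay works
  const nonce = issueChallenge('arlo');
  const resp = clientResponse('correct horse', nonce);
  const first = verifyResponse('arlo', nonce, resp);      // legitimate login
  const replay = verifyResponse('arlo', nonce, resp);     // same nonce again: rejected
  const stale = verifyResponse('arlo', issueChallenge('arlo'), resp); // old answer, new nonce
  return { replayStatic, first, replay, stale };
}
```

In scheme B the stored hash is still the shared secret, so this protects the exchange on the wire, not the server's credential store.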