Currently, the PHP script allows anyone to write files on the server without authentication.
An effective auth could involve a shared secret (placed in the PHP script via generate).
For a request, the client hashes all request data plus the secret (plus the date and time, to avoid replay attacks), and the PHP script validates it on the server side before any action is taken.
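One way to implement the scheme described above, as an added example rather than the project's own code: the "hash of request data plus secret" is done with HMAC-SHA256, the standard keyed-hash construction, and the timestamp is part of the signed message. The function names, the `/upload.php` path, the placeholder secret and the 300-second window are assumptions.

```php
<?php
// Added example: all names, the path and the window length are assumptions.
const SHARED_SECRET    = 'replace-with-generated-secret'; // placeholder for the value written in by generate
const MAX_SKEW_SECONDS = 300;                             // assumed freshness window

/** Client side: MAC over timestamp, method, path and body, keyed with the shared secret. */
function sign_request(string $secret, int $timestamp, string $method, string $path, string $body): string
{
    // Hash the body first so the signed message has fixed, unambiguous fields.
    $message = implode("\n", [$timestamp, strtoupper($method), $path, hash('sha256', $body)]);
    return hash_hmac('sha256', $message, $secret);
}

/** Server side: true only for a fresh request carrying a valid MAC. Call before any file is written. */
function verify_request(string $secret, int $now, string $timestamp, string $method,
                        string $path, string $body, string $signature): bool
{
    // Reject non-numeric timestamps and anything outside the freshness window.
    if (!ctype_digit($timestamp) || abs($now - (int)$timestamp) > MAX_SKEW_SECONDS) {
        return false;
    }
    $expected = sign_request($secret, (int)$timestamp, $method, $path, $body);
    // hash_equals compares in constant time, so response timing does not leak the MAC.
    return hash_equals($expected, $signature);
}

// Constructed sample request, run from the CLI.
$now  = 1700000000;
$body = '{"file":"notes.txt","content":"hello"}';
$sig  = sign_request(SHARED_SECRET, $now, 'POST', '/upload.php', $body);

// Case 1: untouched request, checked 10 seconds after signing.
var_dump(verify_request(SHARED_SECRET, $now + 10, (string)$now, 'POST', '/upload.php', $body, $sig));
// Case 2: body modified in transit, signature no longer matches.
var_dump(verify_request(SHARED_SECRET, $now + 10, (string)$now, 'POST', '/upload.php', $body . 'x', $sig));
// Case 3: same request presented 900 seconds later, outside the window.
var_dump(verify_request(SHARED_SECRET, $now + 900, (string)$now, 'POST', '/upload.php', $body, $sig));
```

A timestamp alone still lets a captured request be replayed inside the window; storing recently seen signatures (or a client nonce) on the server and rejecting repeats closes that gap.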