If people can accidentally send plain text password to Stripe for a 403 response and don't care about it, I can't see why people can't accidentally send plain text password to the HMAC-SHA protected port 80.
They are the same thing, both will not work.
(Unless you close the port 80, using HMAC-SHA can't solve the issue.)
They are the same thing, both will not work.
(Unless you close the port 80, using HMAC-SHA can't solve the issue.)