Only doing that won't help. You might as well be transmitting the password, since someone can just copy the hash and then it would be equivalent to having the password. (Also known as a Pass the Hash attack, http://en.wikipedia.org/wiki/Pass_the_hash).
The right way to do that is Digest authentication, which is a challenge-response mechanism (so you never actually send a password or something equivalently stealable). I call it the right way mostly because it's built in to just about all servers and clients; doing it over HTTP is still not a terribly good idea.