Quoting "J.Lance Wilkinson" <jlw12@xxxxxxx>:
> Terry Carmen wrote:
>>
>>
>> Quoting "J.Lance Wilkinson" <jlw12@xxxxxxx>:
>>
>> > I'm looking for a VERY SIMPLE single value authentication module
>> (like BASIC
>> > Authentication, but only a USER ID, no prompt for PASSWORD) for
>> Apache 2.2.x.
>> > User IDs that will be used are going to be long numeric transaction ids
>> > provided by an external e-commerce site.
>>
>> You'll probably find it much simpler to use the standard basic auth
>> mechanism, use your transaction id for the login and pass in a dummy
>> password.
>
> Not sure how I'd "pass in a dummy password." from my HTTPD
> to the user's browser.
How were you planning on passing the transaction ID as the userid?
If you can do one, you can do the other.
>> Although I've never tried it, and it seems like a really bad idea,
>> it will supposedly accept a Boolean _expression_, so you could try
>> "Require true" or something similar.
>
> Agreed. Sounds like a bad idea.
This was a method of accomplishing what you asked for: single-value authentication.
>> In any case, if your transaction IDs can be predicted or
>> brute-forced, this all sounds like a really bad idea.
>
> I guess an alternative would be to use the transaction ID as the
> USER (required unique) and then use as the password the name of
> the entity associated with that transaction.
This sounds like a case of "I have a hammer, so these must be nails."
What you *really* need is code that accepts whatever you want to pass in and returns whatever you're supposed to send back. This should be reasonably easy in almost any language or platform that Apache supports. (php, perl, C, CGI, etc.). I'm not sure you're actually looking for any sort of auth, since you're not actually authenticating with it.
Terry
|