httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Terry Carmen <te...@cnysupport.com>
Subject Re: [users@httpd] Single Value Authentication Module
Date Mon, 12 Sep 2011 15:58:50 GMT
Quoting "J.Lance Wilkinson" <jlw12@psu.edu>:

> I'm looking for a VERY SIMPLE single value authentication module (like BASIC
> Authentication, but only a USER ID, no prompt for PASSWORD) for Apache 2.2.x.
>  User IDs that will be used are going to be long numeric transaction ids
> provided by an external e-commerce site.

You'll probably find it much simpler to use the standard basic auth mechanism, use your transaction
id for the login and pass in a dummy password.

You could also play with the Require directive. 

Although I've never tried it, and it seems like a really bad idea, it will supposedly accept
a Boolean expression, so you could try "Require true" or something similar.

In any case, if your transaction IDs can be predicted or brute-forced, this all sounds like
a really bad idea.

Terry

Mime
View raw message