I think that the username and passcode for the Basic Authentication should be changeable by the merchant. A setting should be changeable that contains the appropriate values.

My reason is based on my need to conform to my provider's settings. I am able to only set up Basic Auth with users with passwords no greater than 15 chars. I have requested a change but that is unlikely and I will have to seek a new provider or seek another payment gateway.

Keeping the Basic Auth username and pass separate from the ID and Key that encrypt the data is actually a better idea than using them for both levels. You get no more security by using them in both places, as once it is compromised it compromises both levels anyway.

Personally I think that if the data is done over SSL, with data wrapped in a hashed encrypted message, the Basic Auth is overkill and should really be the decision of the merchant on whether or not they really need to go to that level. From reading the Developer's guide, the reason is to prevent non-merchants from using that page. Well, that seems to me to be the merchant's problem and not a true functionality issue with using Google Checkout.