NYPHP.org

[joomla] $5 securid authentication hack

Rolan Yang rolan at omnistep.com
Wed Oct 17 10:25:16 EDT 2007


At the Joomla Day during the security breakout session, the discussion 
drifted towards various methods of login authentication. The topic of 
SecurId was mentioned as being an expensive alternative. I just noticed 
today that Paypal is offering a SecurId keychain fob for $5. It would be 
simple to write a small php authentication function which acted as a 
proxy to paypal, accepting an email, password, and securId code, sending 
off an https request, parsing the response and returning a TRUE or 
FALSE authenticated result.

One caveat:  if your website security is compromised, any paypal 
information submitted could be divulged, so if you plan to test this in 
an insecure environment, it's best for users to open up a new unfunded 
paypal account not linked to any bank.

I'll post some sample code when my Paypal securId arrives in the mail :)

~Rolan


