NYPHP.org

[joomla] RE: $5 securid authentication hack

Jonathan M. Slivko jonathan at slivko.org
Wed Oct 17 11:22:05 EDT 2007


Do we know if there's an API of sorts for "official" 3rd party integration?
-- Jonathan

-----Original Message-----
From: Rolan Yang [mailto:rolan at omnistep.com] 
Sent: Wednesday, October 17, 2007 10:25 AM
To: NYPHP SIG: Joomla
Cc: jonathan at slivko.org
Subject: $5 securid authentication hack

At the Joomla Day during the security breakout session, the discussion 
drifted towards various methods of login authentication. The topic of 
SecurId was mentioned as being an expensive alternative. I just noticed 
today that Paypal is offering a SecurId keychain fob for $5. It would be 
simple to write a small php authentication function which acted as a 
proxy to paypal, accepting an email, password, and securId code, sending 
off an https request, parsing the response and returning a TRUE or 
FALSE authenticated result.

One caveat:  if your website security is compromised, any paypal 
information submitted could be divulged, so if you plan to test this in 
an insecure environment, it's best for users to open up a new unfunded 
paypal account not linked to any bank.

I'll post some sample code when my Paypal securId arrives in the mail :)

~Rolan



