[joomla] $5 securid authentication hack
Rolan Yang
rolan at omnistep.com
Wed Oct 17 10:25:16 EDT 2007
At the Joomla Day during the security breakout session, the discussion
drifted towards various methods of login authentication. The topic of
SecurId was mentioned as being an expensive alternative. I just noticed
today that Paypal is offering a SecurId keychain fob for $5. It would be
simple to write a small php authentication function which acted as a
proxy to paypal, accepting an email, password, and securId code, sending
off an https request, parsing the response and returning a TRUE or
FALSE authenticated result.
One caveat: if your website security is compromised, any paypal
information submitted could be divulged, so if you plan to test this in
an insecure environment, it's best for users to open up a new unfunded
paypal account not linked to any bank.
I'll post some sample code when my Paypal securId arrives in the mail :)
~Rolan