[TYPO3-commerce] *SECURITY ISSUE* possible Hack of paypal2ogone extension

Thibaut van de Mortel tibo at goutemesdisques.com
Thu Dec 13 01:16:24 CET 2007


Hello Martin,
I just realized how stupid it was to talk about security issues on a 
public list (especially when it is about money transactions). I'm 
sincerely sorry.

I read that paypal2commerce now checks if the payment which is done via 
paypal is the same as the payment which should be paid.
I have downloaded the update and just tested it and I see the error 
message when I try to "hack" it again.

The problem is that the transaction has been accepted. It should 
actually validate the order (with the data as it was when the customer was 
redirected to paypal).

But I think this will need further development. I fear that it will 
require a database insert... which makes me also fear that it will require 
a modification of Commerce's pi3 too.
I know that you don't have the time for such development. I will try to 
find a solution but I have just one question: do you think it is 
possible to achieve this without altering Commerce's pi3?

Thank you for your reaction and again, I apologize for my public "how to 
hack {insert name of extension here}". I suggest deleting my original 
post but I don't know how to do it.

Regards,
Thibaut

