[TYPO3-commerce] *SECURITY ISSUE* possible Hack of paypal2ogone extension
Thibaut van de Mortel
tibo at goutemesdisques.com
Thu Dec 13 01:16:24 CET 2007
Hello Martin,

I just realized how stupid it was to talk about security issues on a
public list (especially when it is about money transactions). I'm
sincerely sorry.

I read that paypal2commerce now checks if the payment which is done via
PayPal is the same as the payment which should be paid.
I have downloaded the update and just tested it and I see the error
message when I try to "hack" it again.

The problem is that the transaction has been accepted. It should
actually validate the order (with the data as it was when the customer was
redirected to PayPal).
But I think this will need further development. I fear that it will
require database insert... which makes me also fear that it will require
a modification of Commerce's pi3 too.

I know that you don't have the time for such development. I will try to
find a solution but I have just one question: do you think it is
possible to achieve this without altering Commerce's pi3?

Thank you for your reaction and again, I apologize for my public "how to
hack {insert name of extension here}". I suggest deleting my original
post but I don't know how to do it.

Regards,
Thibaut
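
The check the message asks for, validating the order against the data as it was at redirect time, sketched as an added example that is not part of the original post and not code from paypal2commerce or Commerce. The `ORDERS` dict (standing in for the database insert), the function names and the notification fields `order_id`, `amount` and `currency` are hypothetical, and the notification is assumed to have already been confirmed as genuine with the payment provider.

```python
from decimal import Decimal
import copy
import secrets

ORDERS = {}  # assumption: stands in for a database table of pending orders


def snapshot_order(basket, currency):
    """Freeze the basket at the moment the customer is redirected to pay."""
    order_id = secrets.token_hex(8)
    items = copy.deepcopy(basket)  # later basket edits must not reach the snapshot
    total = sum(Decimal(i["price"]) * i["qty"] for i in items)
    ORDERS[order_id] = {"items": items, "total": total,
                        "currency": currency, "status": "pending"}
    return order_id


def validate_payment(notification):
    """Check a payment notification against the snapshot, never the live basket.

    Assumes the notification was already confirmed as genuine with the provider.
    """
    order = ORDERS.get(notification.get("order_id"))
    if order is None:
        return False, "unknown order"
    if order["status"] != "pending":
        return False, "order already processed"
    try:
        paid = Decimal(notification["amount"])
    except (KeyError, TypeError, ArithmeticError):
        return False, "missing or malformed amount"
    if paid != order["total"] or notification.get("currency") != order["currency"]:
        order["status"] = "mismatch"  # hold for manual review, do not fulfil
        return False, "amount or currency differs from snapshot"
    order["status"] = "paid"
    return True, "ok"


if __name__ == "__main__":
    basket = [{"sku": "CD-1", "price": "20.00", "qty": 2}]  # constructed sample
    first = snapshot_order(basket, "EUR")
    basket[0]["qty"] = 5  # the live basket changes after the redirect
    print(validate_payment({"order_id": first, "amount": "1.00", "currency": "EUR"}))
    second = snapshot_order(basket, "EUR")
    print(validate_payment({"order_id": second, "amount": "100.00", "currency": "EUR"}))
```

A mismatched order is kept with its own status instead of being accepted, so it can be reviewed by hand rather than fulfilled.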