[TYPO3-commerce] *SECURITY ISSUE* possible Hack of paypal2ogone extension
Thibaut van de Mortel
tibo at goutemesdisques.com
Sun Dec 16 18:29:29 CET 2007
Hello Martin,
> i think, you should wait for ingo's patch
> ingo will send us a simpler solution
You're right. I think I've gone too far with my paranoia and my
improbable hacking attempts. That gave me a terrible headache too.
However my solution is almost done so I'll quickly finish it and then
wait for the Holy Grail... I mean the Holy Patch ;)
Be sure that I'll test it and try to hack it! (well, on my installation
only of course hehe). I will try to alter the order data in a second
browser window while I'm on the external payment site, and then confirm
the payment. I'll only use a "multiple browser windows" thing; NO
editing of hidden form fields or anything like that.
Usually developers say "I will try to make this thing work", but I
realize that I'm saying "I will try to make this thing NOT work" >_<
Sorry for that, you understand that it is for "paranoia/security" reasons ;)
[PS]: thanks for the domain warning, I had seen the mistake and
corrected it... after having sent an email to the wrong address and
having received an email failure notification >_<
Regards,
Thibaut