WordPress.org

Ready to get started?Download WordPress

Forums

yubikey-plugin
Yubikey API usage via HTTP (1 post)

  1. Giac0m0
    Member
    Posted 8 months ago #

    Hi Henrik,

    Thank you for writing this great security plugin. Always nice when someone already wrote something I really need!

    There is one issue I noticed though. I noticed that you call the yubikey API via the HTTP protocol - I don't really understand why Yubikey is supporting this protocol.
    Since a OTP is going over this line I would really suggest to move this over to HTTPS to make sure that the OTP is not visible to anyone who is not supposed to see this information. When doing this please make sure you validate the SSL certificate provided by the Yubikey server. This can sometimes be rather tricky with the curl library.

    Thanks again for making this plugin. And if you have any questions or need some help please feel free to contact me.

    Ruben.

    http://wordpress.org/plugins/yubikey-plugin/

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.