  • Resolved Sebastian (@sebstein)

    You are using some Google API to generate the QR Code. To do that, you have to share the secret with some external party. However, this makes the whole procedure rather pointless as the secret should only be shared between the WordPress installation and the user.

    Instead, generate the QR Code yourself. You can do that using some library like PHP QR Code. However, make sure to directly embed the generated SVG in the HTML source so that no temporary files contain QR codes.

    http://wordpress.org/plugins/google-authenticator/
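
One way to do what the post above recommends, as an added example that is not part of the original post or the plugin's own code: the QR matrix is computed locally with PHP QR Code and written straight into the page as inline SVG, so the secret never goes to a third party or into a temporary file. The library path, the `example_*` function names, the `otpauth://` provisioning URI layout and the sample issuer, account and secret are assumptions made for illustration.

```php
<?php
// Added example. Assumes the PHP QR Code library is bundled with the
// plugin at this (hypothetical) path.
require_once __DIR__ . '/phpqrcode/qrlib.php';

// Build the provisioning URI that the authenticator app scans.
function example_otpauth_uri(string $issuer, string $account, string $secret_b32): string
{
    $label = rawurlencode($issuer) . ':' . rawurlencode($account);
    return 'otpauth://totp/' . $label
        . '?secret=' . rawurlencode($secret_b32)
        . '&issuer=' . rawurlencode($issuer);
}

// Render the QR code as an <svg> string, entirely in memory.
function example_qr_inline_svg(string $data, int $scale = 4, int $quiet = 4): string
{
    // With $outfile = false, QRcode::text() writes no file and returns
    // the module matrix as an array of '0'/'1' strings.
    $rows = QRcode::text($data, false, QR_ECLEVEL_M, 1, 0);
    $n    = count($rows);
    $path = '';
    foreach ($rows as $y => $row) {
        $len = strlen($row);
        for ($x = 0; $x < $len; $x++) {
            if ($row[$x] === '1') {
                // One 1x1 square per dark module, offset by the quiet zone.
                $path .= sprintf('M%d %dh1v1h-1z', $x + $quiet, $y + $quiet);
            }
        }
    }
    $units = $n + 2 * $quiet;   // side length in modules
    $px    = $units * $scale;   // side length in pixels
    return sprintf(
        '<svg xmlns="http://www.w3.org/2000/svg" width="%1$d" height="%1$d"'
        . ' viewBox="0 0 %2$d %2$d" shape-rendering="crispEdges">'
        . '<rect width="100%%" height="100%%" fill="#fff"/>'
        . '<path fill="#000" d="%3$s"/></svg>',
        $px, $units, $path
    );
}

// Constructed sample values, not real credentials.
$uri = example_otpauth_uri('Example Blog', 'alice', 'JBSWY3DPEHPK3PXP');

// The SVG is generated from numbers only, so it can be echoed as-is
// into the profile page markup.
echo example_qr_inline_svg($uri);
```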

  • The topic ‘[Security] Don't use external service to generate QR code’ is closed to new replies.