I don't know of any.

To prevent hacking of tickets by someone with access to the ticket database, I guess you want CAS to encrypt the TGT ID. To do that, I think you would need to replace TicketGrantingTicketImpl and JpaTicketRegistry, e.g., to encrypt ticketId in getTicket() so it can be found. You would also need to replace CentralAuthenticationServiceImpl and ServiceTicketImpl, because they create new TicketGrantingTicketImpl. I don't know how far such replacements would be forced to cascade. Unfortunately, all those classes are final, so you cannot just extend them.

Cheers,
11011011

Harikrishnan R. wrote:
Its possible.Other than this is there any encryption configuration of the TGT ticket in CAS.
Regards
Hari

On Tue, Sep 29, 2009 at 1:35 PM, J. David Beutel <[email protected] <mailto:[email protected]>> wrote:

    Harikrishnan R. wrote:

        is <http://login.is <http://login.is/>> there any way to
        prevent hacking of tickets other than restricting acess for
        the tables from DB side.


    Why wouldn't you restrict access to your ticket database?

-- You are currently subscribed to [email protected]
    <mailto:[email protected]> as: [email protected]
    <mailto:[email protected]>
    To unsubscribe, change settings or access archives, see
    http://www.ja-sig.org/wiki/display/JSG/cas-dev


--
You are currently subscribed to [email protected] 
<mailto:[email protected]> as: [email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev


--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to