I don't know of any.
To prevent hacking of tickets by someone with access to the ticket
database, I guess you want CAS to encrypt the TGT ID. To do that, I
think you would need to replace TicketGrantingTicketImpl and
JpaTicketRegistry, e.g., to encrypt ticketId in getTicket() so it can be
found. You would also need to replace CentralAuthenticationServiceImpl
and ServiceTicketImpl, because they create new
TicketGrantingTicketImpl. I don't know how far such replacements would
be forced to cascade. Unfortunately, all those classes are final, so
you cannot just extend them.
Cheers,
11011011
Harikrishnan R. wrote:
Its possible.Other than this is there any encryption configuration of
the TGT ticket in CAS.
Regards
Hari
On Tue, Sep 29, 2009 at 1:35 PM, J. David Beutel <[email protected]
<mailto:[email protected]>> wrote:
Harikrishnan R. wrote:
is <http://login.is <http://login.is/>> there any way to
prevent hacking of tickets other than restricting acess for
the tables from DB side.
Why wouldn't you restrict access to your ticket database?
--
You are currently subscribed to [email protected]
<mailto:[email protected]> as: [email protected]
<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
--
You are currently subscribed to [email protected]
<mailto:[email protected]> as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev