On Wed, Feb 8, 2012 at 3:10 AM, Fredrik Jönsson <[email protected]> wrote:
> I don't really like to discourage, but doesn't this open a whole new
> world of possibilities for cross-site-request-forgeries and the like?
>
> We've explicitly made sure that the CAS server serves all resources in
> the pages to reduce such risks, facing the fact that the CAS server is
> pretty much the only service, at all, that receives almost _all_ our
> passwords in clear text.

All of the variable content will be served by the CAS server. Does this ease your concerns?

Bill

>
> Regards,
> /Fredrik
>
> Tue 2012-02-07 at 15:05 -0500, William G. Thompson, Jr. wrote:
>> Folks,
>>
>> Unicon is collaborating with Columbia University on a Services
>> Registry extension for Login Screen UI. The gist is that Services can
>> specify some elements of the CAS Login UI such as:
>>
>> * Logo that appears on the login screen
>> * Help URL and text
>> * Visibility of campus navigation links
>>
>> Currently thinking about how best to extend the Services Registry with
>> ad-hoc attributes.
>> Would welcome comments, thoughts, and general collaboration.
>>
>> Best,
>> Bill
>>
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
