Emilian, It opens a vector for phishing, etc, putting your users at risk.
Ray On Thu, 2020-07-02 at 23:24 -0700, Emilian Mitocariu wrote: Ok, I'll take your answers into consideration. I agree adding new json entries isn't that hard as we won't have new services everyday, it's just that I was asked to look into this strategy among others. Also, I know having the serviceid like that is going to allow any application to authenticate against our CAS, but I didn't find it that risky as bad intended persons will still need some valid credentials to log into our CAS. Please correct me if I'm wrong. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/19d500a35174f015a62c83bf2dbcd6a0937a1108.camel%40uvic.ca.
