Does your solution use the number of unvalidated tickets over a timeframe
or just the number of tickets requested over a timeframe for abuse
detection?

As long as the ticket is validated by the client, it should not count for
abuse. Applications which choose to not maintain their own session, and rely
on a ticket for every request will become "abusers" unless ticket validation
decrements the use count.


Danny B. wrote:
> 
> Solution:
> New table with following values:
> Ticket Granting Ticket id, RegisteredService, TimeStamp,
> #timesUsedSinceTimeStamp, 
> 
> TimeStamp: This is set every x amount of seconds/minutes
> 
> pseudo code
> <code>
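> if( TimeStamp > (currentTime - measurementTime) ){
> RegisteredService.timesUsedSinceTimeStamp += 1;
> }
> else{
> // window expired: start a new one and restart the count
> TimeStamp = currentTime ;
> RegisteredService.timesUsedSinceTimeStamp = 1;
> }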
> if ( RegisteredService.timesUsedSinceTimeStamp > X*){
> redirect to ErrorPage
> REPORT TO ADMIN
> }
> 
> X (being the maximum number of uses within a certain time frame)
> </code>
> 
> I am planning to implement this solution this week.
> The source code will be posted.
> 
> I would just like to hear your advice, on how to implement this solution.
> So you don't have to change much, if you want to import it in cas. <==
> goal
> 
> Kind regards,
> 
> Danny
> 

-- 
View this message in context: 
http://www.nabble.com/possible-solution-preventing-abuse-cas-infinite-loop-redirect-service-tp23389145p23530974.html
Sent from the CAS Users mailing list archive at Nabble.com.
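
The two positions in this thread combined, as an added example that is not code from either poster or from CAS: a fixed-window counter per (TGT id, service), as in the proposed table, where validation decrements the count so only unvalidated tickets trigger the limit. The class and method names, the limit of 5 and the 60-second window are assumptions made for illustration.

```python
import time


class TicketAbuseDetector:
    """Fixed-window count of issued-but-unvalidated service tickets."""

    def __init__(self, max_unvalidated, window_seconds, clock=time.monotonic):
        self.max_unvalidated = max_unvalidated
        self.window = window_seconds
        self.clock = clock
        # (tgt_id, service) -> [window_start, unvalidated_count]
        self.rows = {}

    def ticket_issued(self, tgt_id, service):
        """Record a ticket request; return True if it should be blocked."""
        now = self.clock()
        row = self.rows.get((tgt_id, service))
        if row is None or now - row[0] >= self.window:
            # First request, or window expired: new timestamp, count restarts.
            row = self.rows[(tgt_id, service)] = [now, 0]
        row[1] += 1
        return row[1] > self.max_unvalidated

    def ticket_validated(self, tgt_id, service):
        """A validated ticket no longer counts toward abuse."""
        row = self.rows.get((tgt_id, service))
        if row and row[1] > 0:  # clamp: validation may arrive after a reset
            row[1] -= 1


def first_block(detector, requests, validates):
    """Return the request number that is first blocked, or None."""
    tgt, svc = "TGT-1-constructed", "https://app.example.org/"  # constructed
    for n in range(1, requests + 1):
        if detector.ticket_issued(tgt, svc):
            return n
        if validates:
            detector.ticket_validated(tgt, svc)
    return None


if __name__ == "__main__":
    # Application that requests and validates a ticket on every request.
    print(first_block(TicketAbuseDetector(5, 60), 100, validates=True))
    # Redirect loop: tickets are requested but never validated.
    print(first_block(TicketAbuseDetector(5, 60), 100, validates=False))
```
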

