Hi,
We are now testing the CAS server for realizing cross domain SSO and my
supervisor has got some questions after we demonstrated this application to
him. We tried to search for those answers to the questions online, but still
we want to ask you directly for further confirmation.
How secure is the service ticket (ST)? For example, if a hacker steals the
ticket through the way between the CAS client and browser, he can simulate the
user to do all his actions. So my questions are the following, besides the
ticket length is between 32 to 256 bytes and randomly generated and used for
one time only, what is the ticket number composed of (I mean, is it composed of
only numbers, or also with characters or any other marks)? And will the ticket
be encrypted or use some check digits? What's more, will the length of the
ticket be generated randomly also?
Looking forward to your quick reply!
Best regards,
Galen