Hello Scott,

Yes, previous as the one before the current one. So I meant 3.1.6 is from a few months ago, 3.1.3 is from a year ago, and 3.1.4 and 3.1.5 are no longer downloadable from http://www.ja-sig.org/downloads/cas-clients/ (and JIRA did not let me easily find release dates for versions, I reported CASC-88 on 3.1.6).

Kind regards,

--Sander.

Scott Battaglia wrote:
On Tue, Jul 21, 2009 at 3:52 AM, Sander Bos <[email protected]> wrote:

<snip />

I have no real idea on how often releases of the CAS client are made (3.1.3 is the previous I can download, and that is from June 2008).


Do I see it correctly that not being able to specify allowedProxyChains in a proxy authentication scenario is a big security risk? A malicious web application could have the user do a single sign-on action on the CAS server for itself, and then request any user privileged information from web applications that allow proxying and use the same CAS server?

Kind regards,

--Sander.



-- 
You are currently subscribed to [email protected] as: [email protected]


To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
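
The proxy-chain restriction discussed in this thread, as an added example that is not part of the original messages and is not the CAS client's own code: a service parses a CAS 2.0 `proxyValidate` success response and accepts a proxied ticket only when the reported chain equals one it explicitly trusts. The function names, the `accept_any_proxy` flag and the example.org hosts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: a CAS 2.0 proxyValidate success response (placeholder hosts).
SAMPLE_RESPONSE = """\
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxies>
      <cas:proxy>https://portal.example.org/proxyCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>
"""


def parse_proxy_validate(xml_text):
    """Return (user, proxy_chain); raise ValueError unless validation succeeded."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("ticket validation failed")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not user:
        raise ValueError("no user in response")
    # Each cas:proxy entry is the callback URL of one application in the chain.
    chain = tuple((p.text or "").strip()
                  for p in success.findall("cas:proxies/cas:proxy", CAS_NS))
    return user, chain


def accept_ticket(xml_text, allowed_chains, accept_any_proxy=False):
    """Return the user name if the proxy chain is acceptable, else None."""
    user, chain = parse_proxy_validate(xml_text)
    if not chain:
        return user  # plain service ticket, no proxying application involved
    if accept_any_proxy:
        return user  # permissive mode: every proxying application is trusted
    # Strict mode: the whole chain must equal one explicitly allowed chain.
    allowed = {tuple(c) for c in allowed_chains}
    return user if chain in allowed else None
```

With an empty allow-list and the permissive flag off, every proxied ticket is rejected, which is the fail-closed default a service should fall back to when it cannot name the chains it trusts.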
