I would like some feedback on how others handle services that are non-https (i.e. http://). Do most of you allow or disallow this? Currently we allow non-SSL sites for some services, but are considering requiring https for everything except locahost for developers.
How much of a security concern is this? The only thought I have is that the Service Ticket could potentially be sniffed and used, even though there is only a 10 second window to use the ticket. Thanks! Adam Causey Virginia Commonwealth University -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
