Hello,

Has anyone seen this security flaw?

In the docs it says for the cookie session repo:

"When users first authenticate to mod_auth_cas with a valid service ticket, a local session is established. Information about this session (the username, time of creation, last activity time, the resource initially requested, and whether or not the credentials were renewed) is stored in this directory. This location should be writable by the web server ONLY. Any user that can write to this location can falsify authentication information by creating a fake data file."

Well, for me it has to be 777 or we get a 500 internal server error. Has anyone had this issue?

Thank you,
Chris Cheltenham
[email protected]
SwainTechs
10 Walnut Grove Rd
Suite 110
Horsham, PA 19044
888-905-5767 / X407
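An audit of the requirement quoted from the documentation above, added here as an example and not part of the original post or of mod_auth_cas: it checks that the session directory is owned by the web server account, is not group- or world-writable, and holds no files written by another user. The function name `audit_cas_cookie_dir` is hypothetical, and the directory path and web server account name are supplied by the caller.

```shell
#!/bin/sh
# Audit a mod_auth_cas session directory (the location set by CASCookiePath).
# Usage: audit_cas_cookie_dir DIR WEB_USER
#   DIR      - session directory to check (caller-supplied)
#   WEB_USER - account the web server runs as (caller-supplied assumption)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad input.
audit_cas_cookie_dir() {
    dir=$1
    web_user=$2
    findings=0

    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    # The directory must belong to the web server account.
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" != "$web_user" ]; then
        echo "FINDING: $dir is owned by $owner, expected $web_user"
        findings=1
    fi

    # Anyone with write access here can drop a forged session file,
    # so neither "other" nor "group" may hold the write bit.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "FINDING: $dir is world-writable"
        findings=1
    fi
    if [ -n "$(find "$dir" -prune -perm -0020)" ]; then
        echo "FINDING: $dir is group-writable"
        findings=1
    fi

    # Session files owned by any other account were not written by the server.
    foreign=$(find "$dir" -type f ! -user "$web_user" 2>/dev/null)
    if [ -n "$foreign" ]; then
        echo "FINDING: files not owned by $web_user:"
        echo "$foreign"
        findings=1
    fi

    return $findings
}
```

A directory at mode 777 is reported as both world-writable and group-writable; one owned by the web server account at mode 700 passes.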
