Should the URL http://www.myserver.com/cas/database/mydb.mdb return any HTML resource other than a CAS error page?
I'm asking because a formal security scan of my CAS installation has found an issue and I will respond with one of the two responses: 1. The URL returns the CAS login page and I think this to be correct. 2. The URL should return an error page and not provide a resource of any kind. I'm asking this group what seems most reasonable. The login page for me personally is best but I would like to gather some opinion here. Thanks, David _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
