By default, if you access a CAS page and it does not exist, you are redirected to the CAS login page. You can configure this by editing your web.xml to whatever you'd like ;-)
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Oct 20, 2008 at 10:40 AM, David Whitehurst <[EMAIL PROTECTED]>wrote: > Should the URL http://www.myserver.com/cas/database/mydb.mdb return > any HTML resource other than a CAS error page? > > I'm asking because a formal security scan of my CAS installation has > found an issue and I will respond with one of the two responses: > > 1. The URL returns the CAS login page and I think this to be correct. > > 2. The URL should return an error page and not provide a resource of any > kind. > > I'm asking this group what seems most reasonable. The login page for > me personally is best but I would like to gather some opinion here. > > > Thanks, > > > David > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
