Scott,
But in the web interface you have the ticket 'LT', which complicates
things for an attack in the REST interface we can make brute force
attack more simply.
Thanks,
Scott Battaglia a écrit :
Pascal,
You should take the same concern with the RESTful API that you would
with the web UI as they can both be used to attempt to determine
passwords.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Nov 27, 2008 at 1:01 PM, Pascal Aubry
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
wrote:
Hi folks,
Seeing the RestFul API
(http://www.ja-sig.org/wiki/display/CASUM/RESTful+API), I wonder if
something is done to prevent from password cracking. Anything to
be done
or does the CAS server already take care of such attacks?
Thanks,
PA
--
http://perso.univ-rennes1.fr/pascal.aubry
_______________________________________________
Yale CAS mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas
------------------------------------------------------------------------
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
