Hi Jon,

Thanks for the prudent suggestion. If you have a patch, you can attach it to an issue here:
http://code.google.com/p/google-apps-sso-sample/issues/list

Also, there's a (on-line) license agreement for contributing code:
http://code.google.com/legal/individual-cla-v1.0.html

-alex

On Jul 14, 4:18 am, Jon Warbrick <[EMAIL PROTECTED]> wrote:
> The example Java SSO code stores the keys used to sign responses in
> keys/ in the root of the web application. This means that they are
> accessible over the web to anyone. While fine for an example (the keys
> to which are widely distributed anyway) this would be less than ideal
> for a serious deployment, especially for the private key. While
> someone would need to know the names of the key files to retrieve
> them, there are some obvious things to try: DSAPrivateKey01.key,
> DSAPrivateKey02.key, RSAPrivateKey01.key, etc.
>
> Would it be a better idea to modify the code to expect to find them in
> WEB-INF/keys/ ?
>
> Jon.
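A deployment check for the issue raised in this thread, as an added example that is not part of the original messages or of the sample project: it walks an unpacked web application and lists key files that sit outside WEB-INF/, the directory a servlet container does not serve to clients. The suffix list, the function names and the temporary directory layout are assumptions constructed for the illustration.

```python
import os
import tempfile

# Assumption: these suffixes mark key material; extend for your deployment.
KEY_SUFFIXES = (".key", ".pem", ".der", ".p12", ".jks")


def web_reachable_keys(webapp_root):
    """Return sorted '/'-separated paths of key files outside WEB-INF/."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(webapp_root):
        if dirpath == webapp_root:
            # The container never serves WEB-INF/ to clients, so skip it.
            # Exact-case match on purpose: "web-inf" gets no such guarantee.
            dirnames[:] = [d for d in dirnames if d != "WEB-INF"]
        for name in filenames:
            if name.lower().endswith(KEY_SUFFIXES):
                rel = os.path.relpath(os.path.join(dirpath, name), webapp_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_webapp(root, key_dir):
    """Create a constructed webapp tree with placeholder key files in key_dir."""
    os.makedirs(os.path.join(root, "WEB-INF", "classes"), exist_ok=True)
    os.makedirs(os.path.join(root, key_dir), exist_ok=True)
    for name in ("DSAPrivateKey01.key", "RSAPrivateKey01.key"):
        with open(os.path.join(root, key_dir, name), "w") as fh:
            fh.write("placeholder, not a real key\n")
    with open(os.path.join(root, "index.jsp"), "w") as fh:
        fh.write("<html></html>\n")
    return root


def demo():
    """Scan the layout from the thread and the proposed WEB-INF/keys/ layout."""
    with tempfile.TemporaryDirectory() as tmp:
        before = build_sample_webapp(os.path.join(tmp, "before"), "keys")
        after = build_sample_webapp(os.path.join(tmp, "after"),
                                    os.path.join("WEB-INF", "keys"))
        return web_reachable_keys(before), web_reachable_keys(after)


if __name__ == "__main__":
    exposed_before, exposed_after = demo()
    print("keys/ in web root  ->", exposed_before)
    print("WEB-INF/keys/      ->", exposed_after)
```

Run against the unpacked deployment directory as a pre-release step; a non-empty result means key files are sitting in a path the container will serve.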
