[cas-dev] Cas success XML snippet security
David Whitehurst
dlwhitehurst at gmail.com
Thu Mar 27 07:49:36 EDT 2008
This may be overkill, but how does CAS "know" that the XML success message
coming from the CAS server is truly the CAS server and not a box
masquerading that just sends a success message and a user in the CAS DTD
format?
I understand that this transmission is between servers using HTTPS (SSL) and
they have accepted each other and have begun communications. This is a
question from a Security Chief that I cannot answer.
Thanks,
David