CAS restful API
Julien Marchal
Julien.Marchal at univ-nancy2.fr
Fri Nov 28 03:28:57 EST 2008
Scott,
But in the web interface you have the ticket 'LT', which complicates
things for an attack in the REST interface we can make brute force
attack more simply.
Thanks,
Scott Battaglia a écrit :
> Pascal,
>
> You should take the same concern with the RESTful API that you would
> with the web UI as they can both be used to attempt to determine
> passwords.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Thu, Nov 27, 2008 at 1:01 PM, Pascal Aubry
> <pascal.aubry at univ-rennes1.fr <mailto:pascal.aubry at univ-rennes1.fr>>
> wrote:
>
> Hi folks,
> Seeing the RestFul API
> (http://www.ja-sig.org/wiki/display/CASUM/RESTful+API), I wonder if
> something is done to prevent from password cracking. Anything to
> be done
> or does the CAS server already take care of such attacks?
> Thanks,
> PA
>
> --
> http://perso.univ-rennes1.fr/pascal.aubry
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081128/b9f7064e/attachment.html
More information about the cas
mailing list