I don't really like to discourage, but doesn't this open a whole new world of possibilities for cross-site-request-forgeries and the like?
We've explicitly made sure that the CAS server serves all resources in the pages to reduce such risks, facing the fact that the CAS server is pretty much the only service, at all, that receives almost _all_ our passwords in clear text. Regards, /Fredrik tis 2012-02-07 klockan 15:05 -0500 skrev William G. Thompson, Jr.: > Folks, > > Unicon is collaborating with Columbia University on a Services > Registry extension for Login Screen UI. The gist is that Services can > specify some elements of the CAS Login UI such as: > > * Logo that appears on the login screen > * Help URL and text > * Visibility of campus navigation links > > Currently thinking about how best to extend the Services Registry with > ad-hoc attribtues. > Would welcome comments, thoughts, and general collaboration. > > Best, > Bill > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
