Hi Andrew. I see the security issue here, and I certainly don't want to reduce security. So let me flip this on its head and get back to my real world situation.
I have a web site that uses CAS. I have two DNS entries (dotCom and dotCoUK) that point to my server and use apache virtual hosts to handle the two host names. I cannot use a static client server name property because I have two values. www.mysite.com and www.mysite.co.uk. My solution to the problem was to use the request.getServerName(). I knew that you had chosen to use a property for a good reason, which I now understand. However, I cannot see another solution to fix this. In my situation, Bobs.files and Evil.eve are the same app. This has taken much of your time and I do appreciate that. I will push my luck and ask for a final word from you on this post. Thanks again. Dom PS. I would be happy to add to the wiki on this or other points if you feel that it would be helpful to the project. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
