TGC cookies protection info

Hi,

I've successfully installed and configure CAS to use my LDAP user
database. I'm almost on production stage :)

My IT asked me about "How secure is the TGC?" meaning is it possible for
a hacker to steal a TGC from a user browser, and use it to impersonate a
user.

I read in the doc and powerpoints that the TGC was 'private' and
'protected' but I dunno exactely what it means.

Can anyone tell me more about TGC protection? How much are they secured?

Best,

Chris

_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas