Shibboleth Scan Findings from OWASP Scan Tool
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 24 15:14:29 UTC 2021
The former is a given, the XML code we use is long moribund and riddled with these sorts of bugs, that's why all this code is headed for the trash heap and being replaced with Java.
I have no idea what on earth it thinks the code is doing that makes it think there's a SQL call. I don't trust automated tools and I would imagine it's just making up things out of heuristics.
-- Scott