Security and use

Use Campus Auth Java only for authorized testing.

Authentication tooling sits close to sensitive data. The project is designed for education, research, and authorized workflows, not for unauthorized account access or service disruption.

Credential handling rules

• Pass credentials at runtime. Do not commit passwords, tokens, cookies, or `.env` files.
• Prefer the interactive password prompt when using the CLI locally.
• Redact personal data from logs, screenshots, issues, pull requests, and support requests.
• Keep raw service responses private if they contain member information or session data.
• Do not run the tool against accounts, systems, or services unless you are allowed to do so.

Result safety

Applications should distinguish service failures from credential failures. If a campus page changes, a timeout happens, or an endpoint redirects unexpectedly, the caller should treat that as an unknown state rather than a wrong-password decision.

Disclaimer

This project is provided strictly for educational, research, and authorized testing purposes only.

It must not be used for illegal activities, unauthorized access, privacy violations, abuse, harassment, disruption of services, or any activity that violates applicable laws, platform rules, or third-party rights.

The developer does not encourage, support, or take responsibility for any misuse of this project. Users are solely responsible for how they use, modify, or distribute this code. By using this project, you agree that you are responsible for ensuring your actions are legal, ethical, and authorized.

If you are unsure whether your use is allowed, do not use this project.

Security reporting

Do not open public issues for sensitive vulnerabilities, credential leaks, bypass techniques, or private service behavior. Follow the repository security policy and contact the maintainer privately with sanitized reproduction steps.