Allowing or disallowing anonymous users to populate caches is your choice.
Some organizations have no problem letting anonymous users to populate
caches (especially if the repository is internal). The default security
settings of Artifactory allows cache population by anonymous users.
The security scheme is very flexible and you can change it easily. All you
need to do is remove the 'deploy' permissions from the anonymous user (if
you use the default settings you can also remove the "Any Remote" permission
target).
In version 2.3.0 we improved the authentication mechanism to challenge
anonymous users if they don't have read permissions (
https://issues.jfrog.org/jira/browse/RTFACT-3479). But it will work when
anonymous can read from the cache but cannot not populate it (Artifactory
will return 403 - Forbidden).
I opened an improvement issue (
https://issues.jfrog.org/jira/browse/RTFACT-4024) and will check soon if it
is feasible.
Thanks,
Yossi Shaul
On Tue, Feb 22, 2011 at 11:20, kefik <[email protected]> wrote:
>
> Hi!
>
> Does this mean that Artifactory prevents this scheme:
>
> 1) let anonymous downloads
>
> 2) let users with credentional deploy to caches when artifact is found
> missing
>
> I mean, I would like to let anonymous to "read" any repositories but if
> Artifactory encounters that the desired artifact was not cached yet, it
> should challenge Maven to authenticate and if Maven succeeds and user has
> deploy permissiong let the cache be populated?
>
> Obviously, letting anyone populate your caches is a bad security practice
> as
> anyone will be able to blow your storage off :( ... Or am I mistaken /
> missing the point / not knowing how to configure the security better?
>
> Best,
> Jakub Gemrot
> --
> View this message in context:
> http://forums.jfrog.org/Maven-using-anonymous-user-even-though-artifactory-server-setup-in-the-settings-xml-tp4634521p6051613.html
> Sent from the Artifactory - Users mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------------
> Index, Search & Analyze Logs and other IT data in Real-Time with Splunk
> Collect, index and harness all the fast moving IT data generated by your
> applications, servers and devices whether physical, virtual or in the
> cloud.
> Deliver compliance at lower cost and gain new business insights.
> Free Software Download: http://p.sf.net/sfu/splunk-dev2dev
> _______________________________________________
> Artifactory-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
------------------------------------------------------------------------------
Index, Search & Analyze Logs and other IT data in Real-Time with Splunk
Collect, index and harness all the fast moving IT data generated by your
applications, servers and devices whether physical, virtual or in the cloud.
Deliver compliance at lower cost and gain new business insights.
Free Software Download: http://p.sf.net/sfu/splunk-dev2dev
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
