Anonymous authentication is an additional feature that you need to create in your web application. It doesn't come by default in any app servers. So there is no need to disable it when configuring Tomcat.
There is a good article in JavaWorld discussing anonymous authentication in J2EE.
http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html

ND

-----Original Message-----
From: Aydın Toprak [mailto:[EMAIL PROTECTED]
Sent: Monday, February 13, 2006 4:27 AM
To: users@tomcat.apache.org
Subject: Tomcat, Security, Anonymous Authentication

Hi,

I have a question about the security issue that I have to cover of my server.

I have a web service which runs on Tomcat 5.5 with SSL ... I have installed all the SSL system on the server and it works fine, however as a little advance subject, I have to recover some security issues,...

the first one is Disabling anonymous authentication ...

I actually don't know the exact meaning of it and how to fix it... as far as I found from the web, I need to add some lines like

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!aNULL:!ADH:!ADH:!eNULL:!LOW:!EXP:RCA4+RSA:+HIGH:+MEDIUM

to SOMEWHERE that I don't know and how...

according to the web site that I have inspired :) , those lines should be added to Apache/mod_ssl, httpd.conf, or ssl.conf ...

but I don't have these files in the tomcat directory...

what should I do ?

thank you...

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
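
Added example, not part of the mailing-list thread: Tomcat has no httpd.conf or ssl.conf, so the exclusions in the quoted mod_ssl string (`!aNULL`, `!ADH`, `!eNULL`, `!LOW`, `!EXP`) have to be expressed as an explicit list of JSSE cipher suite names, here assumed to go in the `ciphers` attribute of the SSL `<Connector>` in `server.xml`. The script applies those exclusions to a constructed list of suite names; the function names and the sample list are illustrative assumptions.

```python
import re

# Each rule mirrors one exclusion from the OpenSSL string quoted in the question.
# Patterns match JSSE (Java) cipher suite names (assumption: JSSE connector).
RULES = [
    ("!aNULL / !ADH (no server authentication)", re.compile(r"_anon_")),
    ("!eNULL (no encryption)", re.compile(r"_WITH_NULL_")),
    ("!EXP (export-grade keys)", re.compile(r"_EXPORT_")),
    ("!LOW (single DES, 56-bit)", re.compile(r"_WITH_DES_CBC_")),
]
# RC4 suites pass because the quoted string keeps them (RSA with RC4);
# add a rule above to drop them as well.


def classify(suite):
    """Return the label of the first rule that rejects `suite`, or None if kept."""
    for label, pattern in RULES:
        if pattern.search(suite):
            return label
    return None


def connector_ciphers(suites):
    """Return (comma-separated value for `ciphers`, {rejected suite: reason})."""
    kept, rejected = [], {}
    for suite in suites:
        reason = classify(suite)
        if reason is None:
            kept.append(suite)
        else:
            rejected[suite] = reason
    return ",".join(kept), rejected


# Constructed sample: suite names a JSSE provider could offer.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_DH_anon_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_DES_CBC_SHA",
]

if __name__ == "__main__":
    value, rejected = connector_ciphers(SAMPLE)
    for suite, reason in rejected.items():
        print(f"drop {suite}: {reason}")
    print(f'ciphers="{value}"')
```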