tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duan, Nick" <>
Subject RE: Tomcat, Security, Anonymous Authentication
Date Mon, 13 Feb 2006 15:03:39 GMT
Anonymous authentication is an additional feature that you need to create in your web application.
 It doesn't come by default in any app servers.  So there is no need to disable it when configuring

There is a good article in JavaWorld discussing about anonymous authentication in J2EE.


-----Original Message-----
From: Aydın Toprak [] 
Sent: Monday, February 13, 2006 4:27 AM
Subject: Tomcat, Security, Anonymous Authentication


I have a question about the security issue that I have to cover of my 

I have web service which runs on Tomcat 5.5 with SSL  ...
I have installed all the SSL system on the server and it works fine, 
however as a little advance subject,
I have to recover some security issues,...
 the first one is Disabling anonymous authentication ...
I actually dont know the exact meaning of it an how to fix it...
as far as foundfrom the web, I need to add some lines like

SSLProtocol -ALL +SSLv3 +TLSv1

 to SOMEWHERE that I dont know and how...
according to web site that I have inspired :) , those lines should be 
added to Apache/mos_ssl, httpd.conf, or ssl.conf ...
but I dont have these files in tomcat directory...

what should I do ?

thank you...

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message