tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Duan, Nick" <ND...@mcdonaldbradley.com>
Subject RE: Tomcat, Security, Anonymous Authentication
Date Mon, 13 Feb 2006 15:03:39 GMT
Anonymous authentication is an additional feature that you need to create in your web application.
 It doesn't come by default in any app servers.  So there is no need to disable it when configuring
Tomcat.

There is a good article in JavaWorld discussing about anonymous authentication in J2EE.  

http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html

ND

-----Original Message-----
From: Aydın Toprak [mailto:aydin.toprak@intengo.com] 
Sent: Monday, February 13, 2006 4:27 AM
To: users@tomcat.apache.org
Subject: Tomcat, Security, Anonymous Authentication

Hi,

I have a question about the security issue that I have to cover of my 
server.

I have web service which runs on Tomcat 5.5 with SSL  ...
I have installed all the SSL system on the server and it works fine, 
however as a little advance subject,
I have to recover some security issues,...
 the first one is Disabling anonymous authentication ...
I actually dont know the exact meaning of it an how to fix it...
as far as foundfrom the web, I need to add some lines like

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite
ALL:!aNULL:!ADH:!ADH:!eNULL:!LOW:!EXP:RCA4+RSA:+HIGH:+MEDIUM

 to SOMEWHERE that I dont know and how...
according to web site that I have inspired :) , those lines should be 
added to Apache/mos_ssl, httpd.conf, or ssl.conf ...
but I dont have these files in tomcat directory...

what should I do ?

thank you...



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message