You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@sling.apache.org by Markus Joschko <ma...@gmail.com> on 2011/10/07 14:25:39 UTC

Anonymous user

I just stumbled upon the anonymous user and that is virtually
impossible to delete it, as it is recreated on every repository start.
It is also not possible to change the password for the anonymous user.
So the only chance to get the site secured is to disable the anonymous
user, so nobody can login as anonymous.

If I do that, I can no longer use the jackrabbit command line tool
(connecting via davex) as this always uses the anonymous user to
initially connect against the repository.

So I either have an unsecured webapplication or I can no longer browse
my data through davex :-(

Any way out of this misery?

Thanks,
 Markus

Re: Anonymous user

Posted by Markus Joschko <ma...@gmail.com>.

OK, forget about it. The fix
https://issues.apache.org/jira/browse/JCR-3076 on trunk also works for
this problem.

On Fri, Oct 7, 2011 at 2:25 PM, Markus Joschko <ma...@gmail.com> wrote:
> I just stumbled upon the anonymous user and that is virtually
> impossible to delete it, as it is recreated on every repository start.
> It is also not possible to change the password for the anonymous user.
> So the only chance to get the site secured is to disable the anonymous
> user, so nobody can login as anonymous.
>
> If I do that, I can no longer use the jackrabbit command line tool
> (connecting via davex) as this always uses the anonymous user to
> initially connect against the repository.
>
> So I either have an unsecured webapplication or I can no longer browse
> my data through davex :-(
>
> Any way out of this misery?
>
> Thanks,
>  Markus
>