Why/how can non-authenticated users download resources from my Artifactory server?

JFrog Support
2016-10-06 13:38

This usually occurs when Artifactory is configured to allow Anonymous Access.  This is configured via the 'Allow Anonymous Access'-checkbox, found under 'Admin' tab -> 'Security' -> 'General'.  Checking this box simply creates the Anonymous user as a configured user in Artifactory.  The permissions of this user are configured in the Artifactory permission targets in the same way as any other user.

When a non-authenticated user is trying to access Artifactory's content, if the Anonymous user exists, the non-authenticated user's requests will be handled according to the Anonymous user's permissions with regards to the content/repository of interest.

If you do not wish to grant access to non-authenticated users, simply uncheck the 'Allow Anonymous Access'-checkbox, and all such interactions will be disallowed.  Otherwise, you will probably want to specify the exact permissions you are willing to provide to the Anonymous user in the existing permission targets.