Hi. I'm new to AXIS2 and Web Services in general. I've been able to get things going with AXIS2 configured using Tomcat. I've been able to build and run the samples and have build some of my own now, running in my Intranet. This is great stuff. What is mystery to me, however, is how to ensure security when I make my web services available over the Internet. I have to open the Tomcat port in my firewall, but then web users could stumble onto the Tomcat home page and the AXIS2 home page. Of course, both are protected by administrator passwords, but is there a mechanism to inhibit the browsing of these pages without affecting access to the web services? I'm just not getting how this would work and I didn't find any clues in the documentation. Thanks. Carlos
