Re: [Zope-Coders] Checkin messages
On 7/22/05, Florent Guillaume [EMAIL PROTECTED] wrote: If someone does a checkin but is not subscribed with the correct mail to the zope-checkins list, the checkin doesn't appear there. This sucks. A number of checkins have gone under the radar in the last few months. Could the checkin lists be changed to allow non-member posts? Or, if that's too much filtering work because of spam, could the generated checkin message come from a fixed [EMAIL PROTECTED] email that would be subscribed to the list (but receive no mail)? At least, you should receive a bounce message that you are not allowed to post, but I don't remember getting any such messages... I could be going senile of course... ___ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders
Re: [Zope-Coders] Wrong username and password == Anonymous User?
On 4/21/05, Chris Withers [EMAIL PROTECTED] wrote: If it's accessible by anonymous that is the same as not requiring authorization. I don't think that's the case. I have a specific requirement on the project I'm currently working on to know who the current user is, even if the something is anonymously accessible. So you *allow* authorization, and use it, but you don't *require* it. Perhaps userfolders should have the opportunity to do something as they're traversed through to authenticate, rather than waiting until something that requires authorisation kicks them off? Sounds reasonable. Nope, not IE. Yes, that is non-standard. Are you sure? I'm pretty sure I remember the ZMI's logout link working in IE, and that relies on returning 401's... Last time I checked it didn't work. But they do that so that if you click on something that you can NOT access, you can continue surfing without having to log in again. Which actually is pretty reasonable in a way. ...not if they don't also provide a method to consciously drop basic auth headers ;-) Yet Another Crappy Standard. Well, I have to say I was really disappointed when I read the W3C specs for response codes. They freely interchange authentication and authorization, which are two totally different concepts :-( Right. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders
Re: [Zope-Coders] Wrong username and password == Anonymous User?
On 4/20/05, Sidnei da Silva [EMAIL PROTECTED] wrote: Supposedly you would not be able to access that part of the site until you authenticate against it. Isn't that the case now? Assuming it requires authentication, yes. The main problem here is that Internet Explorer doesn't allow you to log out, for example. So, in principal, invalid credentials should raise an error, but in practice, you can't do that if you use Simple HTTP authentication. With other authentication schemes, where you can log out properly, it's would be possible. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders