On Fri, Apr 13, 2001 at 11:48:39PM +0100, Chris Withers wrote: > > The WebDAV (and XMLRPC) stuff either needs to be decomposed to run on its > > own port (and only that port) or more explicit permissions need to be > > associated with WebDAV/XMLRPC operations if we take for granted that being > > able to browse the root folder structure is a bad thing. (...) > Basically, 'access contents information' isn't a great permission. If you > turn if off, life gets horrible, if you leave it on, bits hang out. I'd > prefer to see something like: > - Access Contents Information via HTTP > - Access Contents Information via FTP > ..etc... When I crawled out of bed today it ocurred to me that there is a very reasonable sollution already. We've had a "FTP access" permission for ages. So, either: - make WebDAV, XMLRPC etc protected by "View Management Screens" - make WebDAV, XMLRPC etc protected by "FTP access" - make WebDAV, XMLRPC etc protected by "DAV/RPC access" (a new permission) yes? []s, |alo +---- -- I say a prayer now our love's departed That you'll come back to stay Bring back the perfect day http://www.laranja.org/ mailto:[EMAIL PROTECTED] pgp key: http://www.laranja.org/pessoal/pgp Brazil of Darkness (RPG) --- http://www.BroDar.org/ _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )