>>>> Production sites running a stock Zope are vulnerable to abuse of >>>> their server if they have not removed the 'Examples' folder. For >>>> example, anyone could use >>>> http://notcarefulenough.com/Examples/FileLibrary as a warez repository.
>>> Are you sure? I get an "Unauthorized" error (but not until I >>> actually try to upload). >>> >>> Shane >> >> I'm sure, I've tried it on a few sites. > > Wait a minute, now I see it. The "addFile" script has the "Manager" > proxy role! (And apparently my Zope is disregarding the proxy roles.) > That's wrong. I suggest we remove the proxy roles, replacing the proxy > role explanation with the text "you can set proxy roles if you want > anonymous users to be able to use this script". Don't forget the Message Board application too. Are you fixing this or shall I? seb _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )