Re: [Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne Wed, 08 Feb 2006 13:38:31 -0800

Of course I did. Why on earth would you be able to view a front page of a site when it is labelled as 'authenticated' and also as 'manager' ? just by pressing cancel or return a few times. Big security flaw I'm sorry. Also superuser passwords don't work when security is set up and I've tried this on a couple of set-ups. And this is apart from the usability.

On 2/8/06, Tino Wildenhain <[EMAIL PROTECTED]> wrote:

michael nt milne schrieb:
>  Thanks for the advice. I'll have another look at the security settings
> but this is undoubtedly an issue.  The superuser password not working is
> the main one etc. But ultimately my  comments on usabiltity should be
> taken on board because Zope security is overly complex.

Actually its not that hard - and its just fine grained - a very strength
of zope. You can use VerboseSecurity to debug your security issues.

Did you read the chapter about users and security in the zope book?

Regards
Tino

--
Michael

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Reply via email to