+-------[ Joachim Schmitz ]---------------------- | | > | Yes ! | > | > is index_html calling something that is *inside* the locked folder? | | that's the idea of this setup, you have only one index_html in the root-folder | which looks like this: | | <dtml-var header> | <dtml-var content> | <dtml-var footer> | | so you just setup a new folder with a content method in it. You also have to be careful it doesn't just acquire one from above that it does have permissions for... try this; ------------------------------------------------------------------------ <dtml-var header> <dtml-try> <dtml-var content> <dtml-except Unauthorized> <dtml-call "RESPONSE.redirect('acl_users/docLogin?destination='+URL)"> </dtml-try> <dtml-var footer> ------------------------------------------------------------------------ This mess will change when the traversal security is fixed to stop when it reaches somewhere you don't have permissions to. -- Totally Holistic Enterprises Internet| | Andrew Milton The Internet (Aust) Pty Ltd | | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|