This may be more 2.6 (or even 2.5.1 final) fodder:

I notice that in a vanilla Zope install, Anonymous users are allowed access through WebDAV. This is bad for two reasons:

1. From a security perspective this discloses way too much information about your site to the outside world.

2. Due to vagaries of WebDAV authentication, it makes it impossible to edit anything, because I guess the WebDAV implementation is too stupid to force a login when you try to lock something as anonymous (instead it returns a 500 server error). To get around this you have to create or copy an object to force a login. This problem disappears if everyone must log in to access WebDAV at all.

So the question is: Is there a good reason why WebDAV access is granted to anonymous by default? If not, I vote we change it.

/---------------------------------------------------\
  Casey Duncan, Sr. Web Developer
  National Legal Aid and Defender Association
  c.duncan@nlada.org
\---------------------------------------------------/