Lately I've been noticing that http://host/zopeobject/manage_options is accessible TTW with no priveleges. Unless I'm on crack, wasn't always like this. I've been trying to figure out what changed and the only thing I can discern is is that may be related to using python 2.2. I've seen it happen with 2.6.1 & python 2.2, and I've seen it happen with HEAD & python 2.2, but never 2.6.1 & python 2.1.3. Can anyone else corroborate this? Even better does anyone else know how to fix it? I'm wondering if there's more hanging out in the open than just some attributes here and there. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses in the world, there's only one direction, and time is its only measure." -Rosencrantz