I propose to change the order which a vacation in URL traversal or performed. See and comment at:

http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURL...

Jim

--
Jim Fulton mailto:jim@digicool.com
Technical Director (888) 344-4332 Python Powered!
Digital Creations http://www.digicool.com http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list without my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.

Jim Fulton wrote:
> http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURL...

I wonder whether this would fix the following problem:

http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE

What I reckon is happening is that HTTP is being dumb and presenting the authentication information for the image 'black'. Black knows nothing about this user (because it's defined in a subfolder) and so throws an authentication exception, ignoring the fact that _anyone_ should be able to view this image...

Ideas anyone?

cheers.

Chris

Jim Fulton wrote:
> I propose to change the order which a vacation in URL traversal or performed. See

Sorry, I meant "authentication", not "a vacation". :)

> and comment at:
> http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURL...

Jim

In article <392D4226.1EF37E7B@digicool.com>, Jim Fulton <jim@digicool.com> wrote:
> I propose to change the order which a vacation in URL traversal or

Good idea, we could all use a vacation :-)

> performed. See and comment at:
> http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURL...

To clarify, do you mean that authentication will be done at *every* user folder found along the way, or at the first one found, or attempted at each one until one succeeds, so long as anonymous still has permission to continue walking down, or what?

participants (4)
- Chris Withers
- Jim Fulton
- Jonothan Farr
- tsarna＠endicor.com