michael nt milne schrieb:
Of course I did. Why on earth would you be able to view a front page of a site when it is labelled as 'authenticated' and also as 'manager' ? just by pressing cancel or return a few times. Big security flaw I'm sorry. Also superuser passwords don't work when security is set up and I've tried this on a couple of set-ups. And this is apart from the usability.
I dont get what you tried... many of us are doing it and it just works. Much easier as with apache I say. Apropos getting and trying... could you try to set your mail-client to text only and quote like all others do? This would make it easier to read what you type :-) You only remove [ ] Acquire for View and assign it to Authenticated or better to whatever role your users should belong. Canceling Authentication requester will not show you contents but the standard_error_page - unless you have a broken useragent (e.g. Internetexplorer) with horrible cache settings and did view the authenticated page before. Regards Tino Wildenhain