I have got a local configuration with a Linux server currently running Zope 2.1.1 for evaluation and some other machines, including a Win98 Notebook, connected to the server via Ethernet. The good thing is that I can use WebDAV to see and modify the Zope folders/objects from Internet Explorer 5.0 on the Win98 machine. The bad thing: There seems to be NO AUTHENTICATION needed to do this! I tried first on the Win98 itself with a local Zope. My guess was that it automatically accepts local connections as allowed. But when I "WebDAVed" into the Zope on the Linux machine, it was accessible, too. O.K., my Win98 uses a valid user/password on the Linux machine needed for Samba, so I tried with a different logon and Zope still was very open for WebDAV connections! Same with Win98 running in a VMWare box on another Linux machine! Is this a "feature" or a bug? If WebDAV was totally "open" by default, this would be a major security issue! The Linux server machine is also running SQUID as a proxy server for the other machines. Could that be part of the problem? If it is a security issue (tI think so), Is that problem still there in Zope 2.1.2? Joachim Werner