I have a weird security problem with my Zope installation. I'm now running Zope 2.3.2 on Windows98, but the problem also occurred in Zope 2.3.1.
I installed a Webfolder in my explorer, to gain access via Webdav to the Zope Server. It did'nt require a username/password to gain full access to the server... I tried to change my password from within Zope, but that did'nt change a thing... I can walk in, without authentication needed...!
I have come across this "problem" a couple of months ago. One additional thing that irritated me was that MS Explorer stores all the WebDAV passwords if you don't switch this off explicitly. But as has been said before, WebDAV in Zope is not any more secure or insecure than HTTP access via the browser. I don't even think that it makes any sense to have a separate security scheme for WebDAV (or FTP or XML-RPC, to name a view others). If you think that anonymous users should be able to do something to a resource via the browser, we shouldn't they be able to do the same thing using a different client? Joachim