Thanks for the tip on the product. Will look into it. I need to dive into the security issues, but I have moved a lot of my stuff to a hosting environment that definitely has more experience with this stuff. That way I can focus on developing more and admin'ing less. But the security seems a little lax with Zope. With the flip of a checkbox, anyone can then get into my backend. Not good. And to do it on error is, I think, even worse. Would never fly in corporate land. But Zope rocks nonetheless.

Thanks,
David

On Fri, 11 May 2001, Flynt wrote:
Charlie Blanchard wrote:
On Fri, May 11, 2001 at 01:58:50PM -0600, Casey Duncan wrote:
[snippity snip snip]
It sounds like your Anonymous role has the View management screen permission set somewhere (like at the root). Check it in the security tab of your root folder.
After reading this post I felt the need to check my server to double check my settings and wonder if there is some source of info about some of the permissions that I'm overlooking. For instance, just what is it that allowing "Access contents information" permits or blocks? And what baseline permissions should be enabled/disabled on a 'live production' server as a matter of good practice? Any info that someone can provide or point to would be very welcome indeed...
tia, --
Hi Charlie, hi Dave
There is a product by Tres Seaver which at least helps to get a better look into a Zope installation's actual security settings. I just mention it in case you don't know:
http://www.zope.org/Members/tseaver/ZopeSecurityAudit
Maybe this is of some help for you. It was for me.
Flynt