I'm having a bit of trouble with security and ZPT. I am locking down my site such that only the cookie login page has anonymous view permission. This page however is used with the VirtualHost monster so all the links off it have something like tal:attributes="here/reg/register.html/absolute_url". Now from looking at the code absolute_url is a public method so shouldn't call be allowable without having to make register.html viewable to anonymous? Without ZPT proxy roles would be the answer but that isn't offer with ZPT :( ---- Dylan Jay mailto:djay@avaya.com Avaya Communication Tel: +61-2-9352-8642 Level 3, 123 Epping Road FAX: +61-2-9352 9224 Nth Ryde NSW 2113 Mobile: 0409 606 171 AUSTRALIA