Aleksandar Radulovic wrote at 2003-7-14 14:02 -0000:
I noticed this problem quite a while ago, and it's still bothering me.
Layout of the problem:
Let's say we have a machine with a domain machine.net on it, running Zope server. Now, we want to host 2 new domains: domain1.com and domain2.com. Now, why does the following work:
machine.net/Examples domain1.com/Examples domain2.com/Examples
I assume you mean that all domains can access "Examples" in the root folder. Right? Zope allows users access to objects outside of the subhierarchy governed by the "acl_users" which authenticated the user if the object access is allowed for "Anonymous" (or it is public). Thus, you can tweak your "permission-role-mapping" (in the "Security" tab) to prevent the unwanted access.
I understand why it works, but i would like to configure Zope so it doesn't work.
Also, if we have a directory testing in domain1.com's folder, this will work too:
machine.net/testing domain1.com/testing domain2.com/testing
That sounds strange unless all your domains point to the root folder.
Is there a way to stop this for happening or is this an issue still not resolved?
Maybe, once we fully understood your problem... Dieter