Of course I did. Why on earth would you be able to view a front page of a site when it is labelled as 'authenticated' and also as 'manager', just by pressing cancel or return a few times? Big security flaw, I'm sorry. Also superuser passwords don't work when security is set up and I've tried this on a couple of set-ups. And this is apart from the usability.

On 2/8/06, Tino Wildenhain <tino@wildenhain.de> wrote:
michael nt milne wrote:
Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue. The superuser password not working is the main one etc. But ultimately my comments on usability should be taken on board because Zope security is overly complex.
Actually it's not that hard - and it's just fine-grained - a real strength of Zope. You can use VerboseSecurity to debug your security issues.
Did you read the chapter about users and security in the Zope book?
Regards Tino
-- Michael