On Fri, 18 May 2001, Brian Lloyd wrote:
Ivo), I propose that it default to "Manager, Anonymous" so that current behavior is preserved. In other words, I think it is better that sites continue to work exactly as before after the change (but that the manager can then go turn off anonymous DAV access), rather than have sites suddenly "stop working with WebDAV" until the manager goes and gives anonymous that permission.
Thoughts?
Here's mine, for a future version of Zope: What would be nice is an installation/launching option for Zope's security to be set to maximum security by default, i.e. anonymous wouldn't even have the View permission by default, and the admin would have to manually set the anonymous permissions. kind of like the ALL: PARANOID in /etc/hosts.deny and and no hosts.allow file. What would be even better is that such a thing doesn't appear in Zope before I understand completely how the permission system really work ;-) bye, Jerome Alet