Brian Lloyd wrote:
If I used some other WebDAV client, could I then download acl_users, and if so, would this expose usernames/passwords?
It would not expose passwords - I believe that what you are seeing is a sort of non-obvious but basically harmless thing. User folders (acl_users) do not have an index_html method (by design). When a DAV client tries to "download" acl_users, it is actually acquiring the closest index_html from above and downloading that :^) One could argue that this is lame and that attempting to GET .../acl_users/ should raise an error (404?). I'm interested in other viewpoints on this - if there is some consensus, a proposed change should be put in the Collector.
Thanx for an informative response! Btw I tried WebDAV vs. www.zope.org and that site refused the connection attempt. Is there some obvious setting that I can use to disable WebDAV, since I don't need it (as far as I know;) regards /Jacob Lundqvist -- Mail: Jaclu@galdrion.com Phone: +46-708-555 456