4 Jul
2000
4 Jul
'00
8:23 p.m.
Dieter Maurer wrote:
A user that does not log in, i.e. a user you know nothing of, gets the "Anonymous" role automatically (at least with "acl_users"). A logged in user may not get the "Anonymous" role.
This does not provide additional security, because this user may simply shut down his browser and access the page again as anonymous user. On the other hand, it may result in surprises: suddenly (after a log on) I can no longer do things that I was able to do before the log on.
I think, this should be changed.
I agree, and I've said so, many times before ;-) Chris