12 Nov 1999, 7:21 p.m.
Are there any security risks associated with giving the anonymous user under Zope the 'view management panel' permission? He doesn't seem to be able to delete/modify/add things, and I thought it might be good on some sites intended for demo to allow people to peek under the covers and see how it was all done.

Zope.org seems to give you this permission to some degree, since you need it to be allowed to click on the "view DTML source", but they (somehow) prevent you from getting to the actual '/manage' interface (I'd love to know how).

Besides protecting code-under-development, in their case, is there any risk I would be taking? I don't hide passwords or mention confidential things in my DTML... ;-)

-Jeff Rush