Ulrich Wisser wrote:
The authorisation should be made for http://my.zope/subfolder/. Then the path is /subfolder/ and only objects under subfolder will be accessed with auth info.
Yes I use basic authentication (no cookies).
This is really interesting. :-) I haven't had a chance to look into this yet, but from what you've said, the default basic authentication algorithm in Zope is to use as the "authentication root" the value of PATH_INFO (or PATH_TRANSLATED perhaps), when it should be set to the value of "root" in the following pseudocode. if PATH_ENFO ends in '/': root = PATH_INFO else: root = PATH_INFO+'/'. That sounds like it is probably a simple patch to Zope authentication. -- Steve Alexander Software Engineer Cat-Box limited