And I was shocked and dismayed to find out that this actually works. It seems like a huge potential security breach for the unwary, since it is available for any attacker. Granted, access rules are not really intended for security, but it is very easy to assume that they always work, and make decisions with security implications based on that assumption.
I can't see any security-related issues here. I mean, if you don't do anything against it (like having a packet-filter/firewall/proxy in front of the Zope server), any of the original ports will still be kind of accessible anyway. Regardless whether you can override the access rule or not. How would you "protect" a site using siterules I'm not talking about Apache siterules, which can savely be used for protection I guess. Joachim