9 Mar
2001
9 Mar
'01
1:08 p.m.
On Thu, 8 Mar 2001, Randall F. Kern wrote:
root a acl_users bob, role manager
Now goto http://yourserver.com/a/Control_Panel/manage_main. Log in as bob. The page is displayed, and some of the options work, like you can remove products.
Is this a bug or a misunderstanding on my part?
It looks like a big security hole in Zope. The problem here is that Control_Panle should not be acquired. Please report the bug into Collector. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.