Thanks for that Chris, but isn't that quite risky? What I mean is that Medusa should not allow unauthenticated users to login at all because though one is not allowed to do anything as yet, you never know when someone will find a hack round that and then you end up with a denial of service attack or something?? ...Or am I just being over-paraniod :-( ? On Thu, 22 Mar 2001, Chris Withers wrote:
Medusa's FTP will let you login with _any_ username and password, IIRC (a bug IMHO) but you can only _do_ anything if a Zope user object exists with that username _and_ it has the rights to do what you want to do.
Almost related, I've been havign trouble FTP'ing into a lot of our Zope instances with ange-ftp recently. Basically, login goes fine, but then it just sits there saying:
Listing.... /chris@localhost 8021:/test/...
...where test si a DTML method.
any ideas?