Lalo Martins wrote:
Since one of my sites doesn't use any password-protected database connection, or anything else that I can't let my users see, and since the site is primarily directed at the Free Software community, I'm considering a way of allowing users to view all my source code.
Just adding a ``view source'' method may not cut it, because cross-method calls would obscure a lot of the thing.
I was thinking that perhaps the most easy and powerful way would be giving ``View management screens'' to Anonymous. Assuming I don't give them any add/change/delete permissions, that should be safe enought, no? Or am I missing something?
No, it SHOULD be safe. Note that no one has done a full security audit of Zope. But, for the purposes of delegating managment, the ability to 'view' a managment screen and the ability to change something are allways different permissions. For example, members of zope.org can view the managment interface, but not necesarily do anything we don't want them to. -Michel