Hmm.. if I recall correctly the problem goes something like this: say I have a user: joe defined in: /company/division/branch/group/acl_users

When joe tries to FTP, should Zope be expected to search all the 400 acl_users folders in the hierarchy until it finds a match? Or... what if there are *two* joes, which should I check?

I think that the FTP permissions work just like HTTP permissions, they need a context to make any sense.. and if you can't log in at the root level.... you can't *get* to the context where you have any permissions.

Unlike HTTP, FTP has the concept of a 'login' that is independent of traversal. I think the current behavior is a more or less reasonable attempt to deal with that problem.

-steve

"CW" == Chris Withers <chrisw@nipltd.com> writes:

CW> Patrick wrote:
>> Thanks for that Chris, but isn't that quite risky? What I
>> mean is that Medusa should not allow unauthenticated users to
>> login at all because though one is not allowed to do anything
>> as yet, you never know when someone will find a hack round that
>> and then you end up with a denial of service attack or
>> something??
>>
>> ...Or am I just being over-paranoid :-(

CW> Not at all, I totally agree... stick it in the collector :-)

CW> cheers,

CW> Chris