15 Jun
2001
15 Jun
'01
8 a.m.
If you go to www.yoursite.com/manage_workspace
you can access the manage screens of zope
THIS IS NOT GOOD
how can you overcome this
I am using solaris v8 with apache as the web server talking to another solaris box with zope 2-3-0
I have just found a way to edit the source code so that it emails me with the user name and password whenever the next person logs in. I can also edit any source code within the site.
REQUIRE QUICK RESPONSE
You aren't paid by Microsoft or so? ;-) No, seriously, there is no known security bug as you describe it. If your authenticated user or anonymous user has been granted management rights, he will see the management screens. If not, he won't. Joachim.