On Tue, 22 Feb 2000, Matt Goodall wrote:
Michiel Toneman wrote:
----------- 2000-02-22T16:15:19 ERROR(200) GUF http://newserver:8080/test_access/acl_users/userAuthenticate raised an exception (('Unauthorized', 'You are not authorized to access <em>SQL_get_password</em>.', <traceback object at 85ec318>)) -----------
SQL_get_password is a ZSQL method like:
--------------------------- SELECT password as real_password FROM users_tmp WHERE name=<dtml-sqlvar username type=string> --------------------------- with as Argument "username"
I've given all possible permissions to the SQL method, but no dice :(
Any suggestions?
I think you need to give the userAuthenticate and userList methods a proxy role of "Anonymous".
Yer, although it is generally a proxy role of 'Manager'. If you're SQL methods are accessible to the Anonymous role you may have an absolutly huge security hole on your site. -- ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen