is WebDAV a security hole?
Been playing around with WebDAV from IE5 connecting to a RedHat 6.1 + Zope 2.1.6.

And it seems that quite a bit of the stuff that probably shouldn't be visible can be seen, for example acl_users.

Without being logged in I can start a download of it; eventually IE5 fails, but I get this uncomfortable feeling that this is more due to IE5 not handling this document type than anything else...

If I used some other WebDAV client, could I then download acl_users, and if so, would this expose usernames/passwords?

I haven't fiddled with the Security Tab for acl_users, so it should be default permissions. Are they bad and what should they be changed to?

---
Mail: Jaclu@galdrion.com
Phone: +46-708-555 456
Am I there? http://maja.luba.se/jacob/jacob.jpg
participants (1): Jacob Lundqvist