Re: [Zope] webdav security
From: Shane Hathaway <shane@digicool.com> To: Júlio Dinis Silva <juliodinis@hotmail.com> Subject: Re: [Zope] webdav security Date: Wed, 27 Sep 2000 14:10:07 -0400
"Júlio Dinis Silva" wrote:
Hello all!
Lets say that anyone can do ">cadaver www.myhost.com" and after that a
">ls"
listing my content. I know the user will see the objects processed, but just the fact that he can see my structure is bad for security.
How do I disable the webdav access, if possible?
Disallow "Access contents information" for anonymous.
Shane
Hi Shane, your solution is too much radical for a complex site already in production. Is there a way, maybe on ZServer to just not import the webdav support? thanks, Júlio Dinis Silva _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
JXlio Dinis Silva wrote:
How do I disable the webdav access, if possible?
Disallow "Access contents information" for anonymous.
Yeah, but what if you want Anonymous to be able to access contents information, just not through WebDAV? This is what I was getting at in the ProtocolAccessibility proposal on dev.zope.org... cheers, Chris
participants (2)
-
Chris Withers -
J�lio Dinis Silva