Re: [Zope] Zope and security.
On Wed, 10 Nov 1999 01:46:13 -0500, Otto Hammersmith wrote:
> So, my question is, does there exist a laundry list of common Zope misconfigurations? Does there need to be one (Zope.org tips)? The solution is rather obvious (settings on the security tab for the folder) but how do new users know to catch that kind of thing?

Yes, there badly needs to be one. I've run across a few slip-ups and I'm sure we all here know of many more. As far as I know, there isn't even a precise description of each of the permissions that an administrator can review to decide which he wants to grant (ZQR?). I'd break it into two parts -- one for sites w/o members who can write DTML and one for those with -- similar to Unix boxes that do or do not give out shell accounts. Insider attacks versus outsider attacks.

-Jeff Rush