oops, slipped on the keyboard, sorry about that partial post. here's the full version: DTMLFile objects in my python product can do things DTML Method's can't, and that is causing some trouble. In particular, dtml that is from a DTMLFile() attribute in a python product can <dtml-var> stuff (like a DTML Document) that doesn't have the correct permissions, and placing the same <dtml-var> tag into a TWW DTML Method results in a login dialog. Is this by design? Is there a way for me to turn this off? -Randy Details: For example, create a DTML Document (id secret) that only managers can 'View' or 'Access contents information' on. Then write a DTML Method that just does <dtml secret>. This correctly causes a login dialog, and will only show the contents of secret if you are authenticated with an account that has the manager role. Now write a python product somewhere, important bits look like this: class Foo(OFS.Folder): security = ClassSecurityInfo() security.declareObjectProtected('View') __class_init__ = Globals.default__class_init__ meta_type = "foo" def __init__(self, id): self.id = id security.declareProtected('View', 'test') test = Globals.DTMLFile('test', globals()) security.declareProtected('View', '__call__') def __call__(self, client=None, context={}, **extras): return apply(self.test, ((client, self), context), extras) then in test.dtml: <dtml-var secret> Now create an instance of Foo somewhere, and try calling either the test method or the object itself. In both cases, you'll see the contents of secret, without being logged in.