webdav access defaults to anonymous?
Hi; I am starting to learn about webdav, so I downloaded the cadaver client and out of curiousity pointed it at my zope server. I was a bit surprised (!) to find that I could wander around in there getting listings of all of the directories... There is a setting for "WebDAV Access" which was marked "Anonymous" and which I am sure I never changed. Should this default to manager only? _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
this is changed in 2.7 -aj --On Mittwoch, 6. August 2003 18:38 Uhr +0000 Lee Harr <missive@hotmail.com> wrote:
Hi;
I am starting to learn about webdav, so I downloaded the cadaver client and out of curiousity pointed it at my zope server. I was a bit surprised (!) to find that I could wander around in there getting listings of all of the directories...
There is a setting for "WebDAV Access" which was marked "Anonymous" and which I am sure I never changed.
Should this default to manager only?
_________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
On Wed, 2003-08-06 at 11:38, Lee Harr wrote:
There is a setting for "WebDAV Access" which was marked "Anonymous" and which I am sure I never changed.
That's the default setting. Shouldn't be, probably, but it is.
Should this default to manager only?
It should be set according to how you want WebDAV to work. At a minimum, I'd restrict it to Authenticated unless you're running a public file server. It's a good idea to take a close look at your other security settings too. There are a couple other default settings (like "Access contents information") that may be more permissive than you might expect. HTH / IMO, Dylan
participants (3)
-
Andreas Jung -
Dylan Reinhardt -
Lee Harr