Each time I go to access the ZMI - it automatically logs in as anonymous user. Thusly, anyone who knows my site address and goes to /manage - can see the insides of my zope instance - though the anon. privileges don't allow them to do anything. This wasn't happening when I first installed. Now, every time from inside and outside my network it's doing this... Anyone have any ideas how to fix?? Thanks David
dave@kovach.com wrote:
Each time I go to access the ZMI - it automatically logs in as anonymous user.
Thusly, anyone who knows my site address and goes to /manage - can see the insides of my zope instance - though the anon. privileges don't allow them to do anything.
This wasn't happening when I first installed. Now, every time from inside and outside my network it's doing this... Anyone have any ideas how to fix??
Thanks
David
It sounds like your Anonymous role has the View management screen permission set somewhere (like at the root). Check it in the security tab of your root folder. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
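The check suggested in this reply can be scripted. The following is an added example, not code from the thread or from Zope: it assumes the Zope object methods `rolesOfPermission()`, `objectValues()` and `getId()` and the `isPrincipiaFolderish` flag, and uses the permission name "View management screens". `StubObject` and `sample_tree()` are constructed stand-ins so the walk runs without a Zope instance.

```python
# Added example: find objects that grant a permission to Anonymous locally.
PERMISSION = "View management screens"  # assumed name of the ZMI permission

def local_roles(obj, permission=PERMISSION):
    """Roles ticked for `permission` on this object's own Security tab."""
    try:
        settings = obj.rolesOfPermission(permission)
    except ValueError:  # permission is not defined for this object type
        return []
    return [row["name"] for row in settings if row["selected"]]

def find_anonymous_grants(obj, path="", permission=PERMISSION):
    """Walk the tree and return paths where Anonymous holds `permission`."""
    hits = []
    if "Anonymous" in local_roles(obj, permission):
        hits.append(path or "/")
    # isPrincipiaFolderish is set per class, so it is safe to test here;
    # probing for objectValues could acquire a parent's method instead.
    if getattr(obj, "isPrincipiaFolderish", 0):
        for child in obj.objectValues():
            child_path = path + "/" + child.getId()
            hits.extend(find_anonymous_grants(child, child_path, permission))
    return hits

class StubObject:
    """Constructed stand-in exposing only the Zope methods used above."""
    ROLES = ("Anonymous", "Authenticated", "Manager", "Owner")

    def __init__(self, id, granted=(), children=(), folderish=1):
        self._id, self._granted, self._children = id, granted, children
        self.isPrincipiaFolderish = folderish

    def getId(self):
        return self._id

    def objectValues(self):
        return list(self._children)

    def rolesOfPermission(self, permission):
        granted = self._granted if permission == PERMISSION else ()
        return [{"name": r, "selected": "SELECTED" if r in granted else ""}
                for r in self.ROLES]

def sample_tree():
    """Constructed site: the root and /shop/admin are misconfigured."""
    page = StubObject("index_html", ("Manager",), folderish=0)
    admin = StubObject("admin", ("Anonymous", "Manager"))
    shop = StubObject("shop", ("Manager",), (admin, page))
    return StubObject("", ("Anonymous", "Manager"), (shop,))

if __name__ == "__main__":
    print(find_anonymous_grants(sample_tree()))
```

Against a live instance, pass the application root object in place of `sample_tree()`; every path returned is a Security tab where the Anonymous box for this permission should be unticked.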
On Fri, May 11, 2001 at 01:58:50PM -0600, Casey Duncan wrote: [snippity snip snip]
It sounds like your Anonymous role has the View management screen permission set somewhere (like at the root). Check it in the security tab of your root folder.
After reading this post I felt the need to check my server to double check my settings and wonder if there is some source of info about some of the permissions that I'm overlooking. For instance, just what is it that allowing "Access contents information" permits or blocks? And what baseline permissions should be enabled/disabled on a 'live production' server as a matter of good practice? Any info that someone can provide or point to would be very welcome indeed... tia, -- charlie blanchard http://baldguru.com/ LosAngeles area Zope Users Group http://lazug.org
Charlie Blanchard wrote:
On Fri, May 11, 2001 at 01:58:50PM -0600, Casey Duncan wrote: [snippity snip snip]
It sounds like your Anonymous role has the View management screen permission set somewhere (like at the root). Check it in the security tab of your root folder.
After reading this post I felt the need to check my server to double check my settings and wonder if there is some source of info about some of the permissions that I'm overlooking. For instance, just what is it that allowing "Access contents information" permits or blocks? And what baseline permissions should be enabled/disabled on a 'live production' server as a matter of good practice? Any info that someone can provide or point to would be very welcome indeed...
tia, --
Hi Charlie, hi Dave There is a product by Tres Seaver, which at least helps to get a better look into a Zope installation's actual security settings. I just mention it, in case you don't know: http://www.zope.org/Members/tseaver/ZopeSecurityAudit Maybe this is of some help for you. It was for me. Flynt
On Sat, May 12, 2001 at 01:10:57AM +0200, Flynt wrote:
Hi Charlie, hi Dave
There is a product by Tres Seaver, which at least helps to get a better look into a Zope installation's actual security settings. I just mention it, in case you don't know:
http://www.zope.org/Members/tseaver/ZopeSecurityAudit
Maybe this is of some help for you. It was for me.
thanks Flynt. i checked it out and it is indeed interesting and useful! i'd still like some pointers to permission theory and practice tho if anyone knows of any such... <g> -- charlie blanchard http://baldguru.com/ LosAngeles area Zope Users Group http://lazug.org