RE: [Zope] Re: [Zope-dev] possible security flaw? - and, request for a phone conference.
8 Jun 2000, 1:48 p.m.
Basically, if a user with manager privileges to a folder changes their password to be empty, then anyone (from permitted domains) can access the management screen for that folder Without Logging On... Zope assumes that you are the user without the password and treats you as if you have those rights.
This is a feature, but I don't know if or where it is documented besides the source code (which is a bug if it isn't I guess).
You're right - it is a feature. You are also right that it isn't documented anywhere that I can find :( I would suggest adding this to the Collector (as a 'Documentation Request').

Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com
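
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Zope source code: a simplified Python model of passwordless, domain-matched identification next to a stricter policy, plus an audit that lists the accounts affected. `User`, `identify` and `audit` are hypothetical names, the sample accounts are constructed, and treating an empty `domains` tuple as unrestricted is an assumption of the model.

```python
# Simplified model of the behaviour described in the thread; not Zope source code.
# User, identify() and audit() are hypothetical names for this illustration.
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass
class User:
    name: str
    password: str          # "" means no password is set
    roles: tuple = ()
    domains: tuple = ()    # permitted host patterns; () = unrestricted (model assumption)


def domain_ok(user, host):
    """True when the host matches one of the user's permitted domains."""
    return not user.domains or any(fnmatch(host, d) for d in user.domains)


def identify(users, host, credentials=None, allow_passwordless=True):
    """Return the user a request is treated as, or None for anonymous.

    credentials is a (name, password) pair, or None when no login was sent.
    allow_passwordless=True models the behaviour in the thread;
    False models a stricter policy that always requires a password.
    """
    if credentials is not None:
        name, password = credentials
        for u in users:
            if u.name == name and u.password and u.password == password:
                return u if domain_ok(u, host) else None
        return None
    if allow_passwordless:
        # No login sent: an empty-password account is matched by domain alone.
        for u in users:
            if u.password == "" and domain_ok(u, host):
                return u
    return None


def audit(users, sensitive_roles=("Manager",)):
    """List accounts usable without logging on, privileged ones first."""
    hits = [u for u in users if u.password == ""]
    hits.sort(key=lambda u: not set(u.roles) & set(sensitive_roles))
    return [(u.name, u.domains or ("*",), tuple(u.roles)) for u in hits]


# Constructed sample data.
USERS = [
    User("alice", "s3cret", ("Manager",)),
    User("bob", "", ("Manager",), ("*.example.com",)),
    User("kiosk", "", ("Viewer",), ("10.0.0.*",)),
]
```

Running `audit` over an exported user list shows which accounts depend on the domain restriction as their only control.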