[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

webmaster@zope.org webmaster@zope.org
Fri, 04 Oct 2002 12:21:06 -0400


A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#4-25

---------------

        The emergency user is only really useful for two things:
        fixing messed up permissions, and creating manager
        accounts. As we saw in Chapter 2, "Using Zope" you can log in
        as the emergency user to create a manager account when none
        exist. After you create a manager account you should log out
        as the emergency user and log back in as the manager.

          % shawnharrison - Oct. 4, 2002 1:15 am:
           I guess I don't understand "emergency user." What prevents Joe Anonymous user from creating a Joe A.
           Emergency user for himself, with which he makes a Joe A. E. Manager user for himself to hack the system?

          % Anonymous User - Oct. 4, 2002 12:21 pm:
           The emergency user can only be defined by someone with access to the filesystem where the Zope software
           lives. It cannot be defined "through the web".