[Zope-CMF] Security problem with CMF 1.2 ?

Doyon, Jean-Francois Jean-Francois.Doyon@CCRS.NRCan.gc.ca
Tue, 29 Jan 2002 17:14:56 -0500


Hello,

I just recently installed CMF 1.2 and Zope 2.5.0 ... All is going well, =
but
now I've noticed a security problem:

anonymous users can view "private" content!!!

I've changed *NOTHING* to the security settings, except for disabling =
the
public "Join" ... (Add portal member)

I checked the settings and "Access future portal content" is NOT =
assigned to
the Anonymous users, but "View" is ... As it should be. This at the =
root of
the zope site, and everything below.

This is with the standard CMFDefault/Document.

I noticed this when I fell upon a document that should've redirected me =
to
log in, but instead I see it and the actions box says "Status: Private" =
...
yet I am not logged in ... (Yes I'm sure, since I also see "Log in" :)

Help?!?!

Thanks,

Jean-Fran=E7ois Doyon
Internet Service Development and Systems Support
GeoAccess Division
Canadian Center for Remote Sensing
Natural Resources Canada
http://atlas.gc.ca
Phone: (613) 992-4902
Fax: (613) 947-2410