[Zope-CMF] members-only section of cmf site
Dieter Maurer
dieter@handshake.de
Thu, 17 Jul 2003 21:41:05 +0200
Sam Brauer wrote at 2003-7-16 16:24 -0400:
> ...
> Although this works on my dev box, when I tried it on a production
> server (where Apache is in front of Zope and we use a
> VirtualHostMonster) it doesn't work. I've re-checked the permissions
> and re-tested several times, but it's still possible for anonymous users
> to view content inside a folder with permissions set as described above.
>
> Any help would be most appreciated.
Someone else already pointed out: (external HTTP) caches may compromize secure
access. A legitimate access may bring the page in the cache
and later an illegitimate access may get it from the cache
without even asking Zope.
Otherwise, I have no more insight into your problem.
However, I would like to stress that Apache (in non-caching mode)
and VHM do not affect access to Zope objects.
Dieter