[Zope-dev] Problem 4: Access to other virtual hosts (security
issue?)
Chris Withers
chrisw@nipltd.com
Tue, 05 Sep 2000 11:17:32 +0100
Itamar Shtull-Trauring wrote:
> When using virtual hosting, it is still possible to access the /websites
> folder for example, using acquistion. So I can view the contents of one
> website from the other: www.example.com/websites/example2, and
> www.example2.com/websites/example.
I don't think this is a 2.2 issue. It has always been like this AFAIK...
What you really what is a non-acquiring folder for the /example and
/example2 folders.
This shouldn't be too hard to implement :-S
Does this sounds like the right idea?
cheers,
Chris
PS: This shouldn't really be a security issue, it's more of a 'niceness'
thing as the security stuff will still work as it should (unless,
perhaps, you do domain-based authentication...) Sadly, that sort of
thing seems to go right down the priority lists :-( (go see
http://www.zope.org/standard_html_footer for another example...)