[Zope-dev] Re: zope nautilus cabal

Federico Di Gregorio fog@mixadlive.com
Fri, 13 Apr 2001 17:01:13 +0200


this is true. i tried to acces zope on my local machine at the address

	http://localhost:9673/

(note: *without* the manage!) and nautilus showed me everything. both
mozilla and netscape show the welcome page. if i add manage nautilus
simply refuse to authenticate. my impression is that even if http:
is specified, nautilus uses some other kind of protocol (webdav?)
to read the contents of the url.

the bad thing is that you can read (not modify) every single document
in the zope db. 

ciao,
federico
 
Scavenging the mail folder uncovered andrea@debian.org's letter:
> Hi, here in mixad have found a "mysterious" bug with zope and
> nautilus.  We are investigating if is a bug or a feature. 
> 
> The problem is that nautilus can browse the internals of zope directory 
> without authentication. 
> 
> The method is pointing nautilus to http://www.foo.bar:9673 simply. 
> 
> Please can someone try to reproduce the bug ? The version of the 
> sw is:
> 
> 
> ii  libnautilus0   1.0-3          Shared libraries that part of Nautilus
> ii  libncurses5    5.2.20010318-1 Shared libraries for terminal handling
> 
> ii  nautilus       1.0-3          file manager and graphical shell
> rc  nautilus-trilo 1.0-2          Nautilus component framework for services
> 
> ii  zope           2.3.1-1        The Z Object Publishing Environment 
> 
> 
> 
> Regards 
> 
> Andrea Fanfani
> -- 
> Andrea Fanfani 
> Era  talmente intelligente  che, datogli  in  mano un  cubo di  Rubik,
> riusciva a mangiarlo in 15 secondi netti. (Anonimo)
> 



-- 
Federico Di Gregorio
MIXAD LIVE Chief of Research & Technology              fog@mixadlive.com
Debian GNU/Linux Developer & Italian Press Contact        fog@debian.org
   Abandon the search for Truth; settle for a good fantasy. -- Anonymous