[Zope-dev] Re: zope nautilus cabal
Chris Withers
chrisw@nipltd.com
Fri, 13 Apr 2001 23:48:39 +0100
> The WebDAV (and XMLRPC) stuff either needs to be decomposed to run on its
> own port (and only that port) or more explicit permissions need to be
> associated with WebDAV/XMLRPC operations if we take for granted that being
> able to browse the root folder structure is a bad thing.
Well, this came up before, a few times, and mainly from me ;-)
objectIds used to be anonymously accessible over http too... I remember
having loads of fun with http://www.zope.org/objectIds,
http://www.digicool.com/objectIds, http://www.cbsnewyork.com/objectIds, it
was even better when objectValues was hanging out too and you can find out
what products people were using.
...but I digress ;-)
Basically, 'access contents information' isn't a great permission. If you
turn if off, life gets horrible, if you leave it on, bits hang out. I'd
prefer to see something like:
- Access Contents Information via HTTP
- Access Contents Information via FTP
...etc...
I did actually put a proposal relating to this (and the problem of things
like standard_html_header, _footer, etc hanging out as well) on dev.zope.org
ages ago, but never really got to follow up on it. I wonder what happened to
it?
cheers,
Chris