[Zope-dev] WebDAV etc permissions (Re: zope nautilus cabal)
Lalo Martins
lalo@hackandroll.org
Wed, 18 Apr 2001 15:39:20 -0300
On Fri, Apr 13, 2001 at 11:48:39PM +0100, Chris Withers wrote:
> > The WebDAV (and XMLRPC) stuff either needs to be decomposed to run on its
> > own port (and only that port) or more explicit permissions need to be
> > associated with WebDAV/XMLRPC operations if we take for granted that being
> > able to browse the root folder structure is a bad thing.
(...)
> Basically, 'access contents information' isn't a great permission. If you
> turn if off, life gets horrible, if you leave it on, bits hang out. I'd
> prefer to see something like:
> - Access Contents Information via HTTP
> - Access Contents Information via FTP
> ..etc...
When I crawled out of bed today it ocurred to me that there is
a very reasonable sollution already.
We've had a "FTP access" permission for ages. So, either:
- make WebDAV, XMLRPC etc protected by "View Management Screens"
- make WebDAV, XMLRPC etc protected by "FTP access"
- make WebDAV, XMLRPC etc protected by "DAV/RPC access"
(a new permission)
yes?
[]s,
|alo
+----
--
I say a prayer now our love's departed
That you'll come back to stay
Bring back the perfect day
http://www.laranja.org/ mailto:lalo@laranja.org
pgp key: http://www.laranja.org/pessoal/pgp
Brazil of Darkness (RPG) --- http://www.BroDar.org/