[Zope-dev] Strange bug(?) accessing File objects

Dieter Maurer dieter at handshake.de
Sat Sep 6 00:26:33 EDT 2003


Bjorn Stabell wrote at 2003-9-2 19:33 +0800:
 > Has anyone encountered this problem:
 > 
 > When accessing File objects that are not accessible to Anonymous (HTTP
 > and WebDAV View permissions not given), the Basic HTTP Auth window pops
 > up repeatedly even after the user has logged in using the cookie
 > crumbler method, and the user has permissions to view the file.
 > Clicking cancel actually lets the user view the file, but that's not an
 > acceptable solution, of course.
 > 
 > I see this behavior with Zope 2.5.1 & 2.6.1 (haven't tried 2.7b2 yet),
 > and I seem to recall earlier versions as well.

I could not reproduce your problem (Zope 2.6.2b2).
However, I remember that I saw similar problem reports in the mailing
list.

You get the basic authentication when the permission requirements
during request processing are stronger than that on the
published object. It is unclear, however, why you see the
file when you cancel the login dialog.

Shane's VerboseSecurity Product may give some clues.


Dieter



More information about the Zope-Dev mailing list