[Zope] security model with regards to aquisition

Jay, Dylan djay@lucent.com
Wed, 28 Apr 1999 14:48:05 +1000


I have a folder that has restricted access. In a parent folder I have a DTML
method that accesses a property of the folder. A browser that has not been
autheticated for viewing the folder can still view use the aquired method in
the folder, ie they type

http://server.com/RestrictedFolder/parentMethod and it works!!!

This seems counter intuitive to me. Either you have access to a folder or
you do not. Why is this the case and should it be? In any case how do I make
sure users can not do the above unless authenticated?