[Zope] Risky Giving Anon User Permission to View Management Panel

Jeff Rush <jrush@timecastle.net>
Fri, 12 Nov 99 14:21:23 -0500


Are there any security risks associated with giving the anonymous
user under Zope the 'view management panel' permission?  He
doesn't seem to be able to delete/modify/add things, and I thought
it might be good on some sites intended for demo to allow people
to peek under the covers and see how it was all done.

Zope.org seems to give you this permission to some degree, since
you need it to be allowed to click on the "view DTML source",
but they (somehow) prevent you from getting to the actual '/manage'
interface (I'd love to know how).

Besides protecting code-under-development, in their case, is
there any risk I would be taking?  I don't hide passwords or
mention confidential things in my DTML... ;-)

-Jeff Rush