[Zope] Authentication, Anonymous and Public

Chris Withers chrisw@nipltd.com
Tue, 04 Jul 2000 21:23:34 +0100


Dieter Maurer wrote:
> A user that does not log in, i.e. a user you know nothing of,
> gets the "Anonymous" role automatically (at least with "acl_users").
> A logged in user may not get the "Anonymous" role.
> 
> This does not provide additional security, because this
> user may simply shut down his browser and access the page again
> as anonymous user.
> On the other hand, it may result in surprises: suddenly (after
> a log on) I can no longer do things that I was able to do
> before the log on.
> 
> I think, this should be changed.

I agree, and I've said so, many times before ;-)

Chris