[Zope] Security and Acquisition

Charlie Wilkinson cwilkins@boinklabs.com
Thu, 9 Nov 2000 18:37:07 -0500 

> [Charlie Wilkinson]
> 
> | Greetings,
> 
> Hola!
> 
> | Now, referring to figure 1 (above :-), changes to security settings
> | for the acl_test folder are having no effect on access to index_html.
> | Only when I change the security settings on index_html itself, can I
> | control access to it.
> 
> Can it have something to do with acquirement of permission settings?
> (The leftmost column on the security tab).

Hi Morten,
Yes.  It's acting as if those little boxes were not checked! :)  As I was
replying to Jeff in a prior message, the mystery goes deeper.  I grabbed a
fresh copy of the latest CVS version, built it, set a superuser password
and ran it.  I then tried to visit the default index_html "Welcome to
Zope" page and was presented with a BASICAUTH type login box.  If I
explicitly set anonymous View permissions for the index_html (Welcome
to Zope) page, then I get in with no login as expected.  That isn't
normal is it?  Root folder objects would appear to be having the same
security setting acquisition problems as I was finding previously with
sub-folders and LoginManager.

I realize I'm on the bleeding edge of Zope running the CVS version,
but I heard the 2.2.3 version is due out RSN and figured maybe a little
"new version" pain now would be easier than upgrade pain later.  I'd sure
rather be saying "Here's a patch" than just "It's broke", but alas I
don't grok Python that well yet.  ("It's broke" still offers *some*
value, right?  :-)

To the Zope developers:  It seems pretty clear that Zope v2.2.cvs is
broken in regards to security settings acquisition.  Should I post to
zope-dev, or is there already a sufficient awareness/understanding of
the problem?

Thanks,
	Charlie

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Charlie Wilkinson - cwilkins@boinklabs.com - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
    Visit the Radio For Peace International Website: http://www.rfpi.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            CLOBBER INTERNET SPAM:  See!! <http://spam.abuse.net/>        
                                   Join!! <http://www.cauce.org/>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
	-- Ralph Nader on David Letterman (9/28/00)