[Zope] Non-existing Zope-Security!!!
Stephan Goeldi
stephan.goeldi@datacomm.ch
Fri, 13 Oct 2000 10:23:37 GMT
OK let me state that I don't think so (subject line). I had to choose this
subject, because it seems to me, that nobody was interested in my previous
attempts to get information about my problem. So here is my newbie (?)
question again:
I have the folders:
/www/folder1
/www/folder2
Apache redirects domain1 to folder1 and domain2 to folder2.
The manager of folder1 is able to browse to /www and see what folders exist
there. He shouldn't, because he only exists in the acl_user of /www/folder1.
He even can look into the folder /www/folder2 (but not into the objects).
Is it possible to disable the access for the folder1-manager above folder1?
It doesn't seem to me. If it really isn't possible, there is no security at
all for ISP uses of Zope. But I'm sure, there should be a possibility.
I even created a local role in /www/folder1 too. Even with the local role I
can browse /www and /www/folder2!
Any suggestions?
TIA
-goe-
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.