[Zope] Determining permissions in a Product

Michael Bernstein webmaven@lvcm.com
Thu, 19 Oct 2000 07:30:04 -0700


Chris Withers wrote:
> 
> When the dialog box pops up, hit cancel and see what authorization
> failed on.
> That should give you some clues as to what needs fixing.
> 
> Incidnetally, I think this is a bit of a security hole. You shouldn't
> get told what you're not allowed to see, especially if it's 'cos you got
> your password wrong. If you see what I mean ;-)

I see what you mean here, Chris, but wouldn't this come
under the heading of a 'security through obscurity' hole?
ie. you're saying that the system isn't obscure enough?

Michael.