[Zope] WebDAV's not really the problem...

Jason Cunliffe jasonic@nomadicsltd.com
Fri, 29 Sep 2000 14:37:18 -0400


> Yes, your fears are valid, but WebDAV really isn't the problem. Zope, at
> a deeper level, is what is causing your problem.
> You can find out the above information using any web browser, try this:
>
> http://www.cbsnewyork.com/objectIds
>
> I see they haven't deleted the QuickStart. Interesting... As you point
> out, once you know the names of methods and the like (see
> http://www.cbsnewyork.com/objectValues to find out what type objects
[--8<--snip]
> It's a hard problem to solve, made harder by the fact that Zope supports
> loads of protocols and is totally manageable through the web. These are
> Zope's strengths, but they do raise interesting problems :-S

This reveals a fascinating double-edged sword.
It also makes for a very good way to explore what Zope really is and does.

It would be cool if someone could set up a small Zopesite pro-actively, to
demonstrate and explain this stuff better.

Also, methinks that the security issues could be addressed by having a
securebot DTML method which could go through the site, sniffing out stuff fed
it by a template page and assigning some other role or setting properties
to allow stronger filtering of requests on a folder scale. Maybe this is
impossible due to the reverse-perverse catch-22 nature of 'acquisition'.

But surely one could use acquisition to institute an even higher level method
which would check any requests, say, which do not come from that local or
specified IP/domain?

Any thoughts?

- Jason