[Zope] How do I keep local managers from accessing the entire site?
Ron Bickers
rbickers-dated-998142264.dcd714@logicetc.com
Sat, 11 Aug 2001 09:44:24 -0400
> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> user can access pretty much the entire site. For example, if he
> goes to the
> URL "http://mysite:myport/spam/Control_Panel/manage_shutdown" he
> shuts down
> the entire site. How do I make his privileges local to the spam folder?
This is a security bug addressed by the Hotfix at
http://www.zope.org/Products/Zope/Hotfix_2001-08-04. You should most
definitely install this.
_______________________
Ron Bickers
Logic Etc, Inc.