[Zope] security
Jason Byron
jason_zope@yahoo.com
Fri, 15 Jun 2001 00:10:49 -0700 (PDT)
I get:
HTTP/1.0 404 Object Not Found
p.s. try not to send html to the list
--- barry haycock <bhaycock@hotmail.com> wrote:
<HR>
<html><DIV>Can anyone help me with this security issue regarding
ZOPE</DIV>
<DIV> </DIV>
<DIV>If you go to <A
href="http://www.yoursite.com/manage_workspace">www.yoursite.com/manage_workspace</A></DIV>
<DIV> </DIV>
<DIV>you can access the manage screens of zope</DIV>
<DIV> </DIV>
<DIV>THIS IS NOT GOOD</DIV>
<DIV> </DIV>
<DIV>how can you overcome this</DIV>
<DIV> </DIV>
<DIV>I am using solaris v8 with apache as the web server talking
to another solaris box with zope 2-3-0</DIV>
<DIV> </DIV>
<DIV>I have just found a way to edit the source code so that it
emails me with the user name and password whenever the next
person logs in. I can also edit any source code within the
site.</DIV>
<DIV> </DIV>
<DIV>REQUIRE QUICK RESPONSE</DIV><br clear=all><hr>Get Your
Private, Free E-mail from MSN Hotmail at <a
href="http://www.hotmail.com">http://www.hotmail.com</a>.<br></p></html>
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
__________________________________________________
Do You Yahoo!?
Spot the hottest trends in music, movies, and more.
http://buzz.yahoo.com/