[Zope] security

barry haycock bhaycock@hotmail.com
Fri, 15 Jun 2001 07:19:24 -0000


the www.yoursite.com was meant to be so that i didnt advertise
my site with a huge security hole in it.

is an alias for my site and wasn't meant to be taken literally

barry


>From: Jason Byron <jason_zope@yahoo.com>
>To: barry haycock <bhaycock@hotmail.com>
>CC: zope@zope.org
>Subject: Re: [Zope] security
>Date: Fri, 15 Jun 2001 00:10:49 -0700 (PDT)
>MIME-Version: 1.0
>Received: from [216.115.105.156] by hotmail.com (3.2) with ESMTP id 
>MHotMailBCF2FFF9006940043256D873699C0A530; Fri Jun 15 00:10:49 2001
>Received: from [64.160.203.91] by web4601.mail.yahoo.com; Fri, 15 Jun 2001 
>00:10:49 PDT
>From jason_zope@yahoo.com Fri Jun 15 00:12:06 2001
>Message-ID: <20010615071049.883.qmail@web4601.mail.yahoo.com>
>In-Reply-To: <F44wY0VnkB4ltFlmmlQ00001650@hotmail.com>
>
>I get:
>
>HTTP/1.0 404 Object Not Found
>
>
>p.s. try not to send html to the list
>
>
>--- barry haycock <bhaycock@hotmail.com> wrote:
><HR>
><html><DIV>Can anyone help me with this security issue regarding
>ZOPE</DIV>
><DIV>&nbsp;</DIV>
><DIV>If you go to <A
>href="http://www.yoursite.com/manage_workspace">www.yoursite.com/manage_workspace</A></DIV>
><DIV>&nbsp;</DIV>
><DIV>you can access the manage screens of zope</DIV>
><DIV>&nbsp;</DIV>
><DIV>THIS IS NOT GOOD</DIV>
><DIV>&nbsp;</DIV>
><DIV>how can you overcome this</DIV>
><DIV>&nbsp;</DIV>
><DIV>I am using solaris v8 with apache as the web server talking
>to another solaris box with zope 2-3-0</DIV>
><DIV>&nbsp;</DIV>
><DIV>I have just found a way to edit the source code so that it
>emails me with the user name and password&nbsp;whenever the next
>person logs in.&nbsp; I can also edit any source code within the
>site.</DIV>
><DIV>&nbsp;</DIV>
><DIV>REQUIRE QUICK RESPONSE</DIV><br clear=all><hr>Get Your
>Private, Free E-mail from MSN Hotmail at <a
>href="http://www.hotmail.com">http://www.hotmail.com</a>.<br></p></html>
>
>_______________________________________________
>Zope maillist  -  Zope@zope.org
>http://lists.zope.org/mailman/listinfo/zope
>**   No cross posts or HTML encoding!  **
>(Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>
>
>__________________________________________________
>Do You Yahoo!?
>Spot the hottest trends in music, movies, and more.
>http://buzz.yahoo.com/

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.