[Zope] authentication problem
Dominique.Dutoit@cec.eu.int
Dominique.Dutoit@cec.eu.int
Tue, 4 Sep 2001 13:56:31 +0200
"Maybe it is time to patch Zope so that it is RFC standards conformant ??"
I've posted a small patch on the list yesterday
(http://lists.zope.org/pipermail/zope/2001-September/098965.html).
manage_workspace verifies the roles against an Anonymous user and thus, it
doesn't challenge the browser. The only method I found is to force
manage_workspace to verify against an Authenticated user and the problem is
gone. I think that it make sense to check the roles of the Authenticated
user because by definition, the user must be authenticated to access the
ZMI. But on the other hand, I don't know if I've done something wrong.