[Zope] authentication problem

seb bacon seb@jamkit.com
Tue, 4 Sep 2001 13:42:46 +0100


Someone should put the issue in the collector - any volunteers? :-) 

seb

* Dominique.Dutoit@cec.eu.int <Dominique.Dutoit@cec.eu.int> [010904 12:58]:
> "Maybe it is time to patch Zope so that it is RFC standards conformant ??"
> 
> I've posted a small patch on the list yesterday
> (http://lists.zope.org/pipermail/zope/2001-September/098965.html).
> manage_workspace verifies the roles against an Anonymous user and thus, it
> doesn't challenge the browser. The only method I found is to force
> manage_workspace to verify against an Authenticated user and the problem is
> gone. I think that it make sense to check the roles of the Authenticated
> user because by definition, the user must be authenticated to access the
> ZMI. But on the other hand, I don't know if I've done something wrong.