[Zope] acquisition and security
Paul Howell
paul at smoothstone.com
Tue Nov 18 21:27:59 EST 2003
I have several sites running next to each other, each in its own folder,
all in a folder called "sites", located under root, like this...
/
  /sites
    /foo
    /boo
    /moo
If I am viewing http://foo.com, I see the content from the folder sites/foo.
But if I type http://foo.com/sites/boo, I get to view the content from
(duh) sites/boo instead of saying 404: Stuff Not Found, or 666: Stay the
Heck Outa Here (either of those would be fine, I think).
Any ideas how I stop this security problem, this "acquisition leak"? In
what folder (sites? foo?) do I tweak the security settings, and how?
I tried re-reading the Zope Book chapter about Security, and it is great
for User management, but not for stopping acquisition when you don't want
it to acquire. A suggestion from the IRC gang was that this could be a VHM
bug, but that's not it because it also happens on naked Zope going in
through port 8080, where VHM would not be involved.
=Paul
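
The behaviour described in the post above, as an added example that is not part of the original message and is not Zope code: a simplified model of traversal with acquisition, showing why a request under foo's hostname reaches sites/boo, and a containment check on the resolved object's physical path that tells the two cases apart. The class, the function names and the "news" folder are hypothetical; the folder layout is constructed from the post.

```python
# Simplified model of Zope-style URL traversal with acquisition.
# Class and function names are hypothetical, not Zope APIs.

class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        if parent is not None:
            parent.children[name] = self

    def physical_path(self):
        # Containment path from the root, e.g. ('', 'sites', 'boo').
        node, parts = self, []
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return tuple(reversed(parts))

    def lookup(self, name):
        # Own children first, then walk up the containers (acquisition).
        node = self
        while node is not None:
            if name in node.children:
                return node.children[name]
            node = node.parent
        return None


def traverse(site_root, url_path):
    """Resolve url_path starting at the folder the hostname maps to."""
    obj = site_root
    for step in filter(None, url_path.split("/")):
        obj = obj.lookup(step)
        if obj is None:
            return None  # would be a 404
    return obj


def inside_site(site_root, obj):
    """True only if obj is physically contained in site_root."""
    base = site_root.physical_path()
    return obj is not None and obj.physical_path()[:len(base)] == base


# Constructed layout matching the post: /sites/{foo,boo,moo}
root = Folder("")
sites = Folder("sites", root)
foo, boo, moo = (Folder(n, sites) for n in ("foo", "boo", "moo"))
Folder("news", foo)  # hypothetical content that really belongs to foo

leaked = traverse(foo, "/sites/boo")  # 'sites' is acquired from the root
print(leaked.physical_path(), inside_site(foo, leaked))
```

In this model the name "sites" is not found in foo, so it is picked up from the root by walking the containers, and the rest of the path resolves normally from there; the physical path of the result no longer starts with foo's own path, which is the property the check tests.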