[Zope] major problems placing authentication on an extranet site-security flaw?
Jens Vagelpohl
jens at dataflake.org
Wed Feb 8 12:05:57 EST 2006
On 8 Feb 2006, at 16:48, michael nt milne wrote:
> I get a pop-up box but the superuser manager pass doesn't work.

If the superuser password is indeed set up correctly then this is a
fault of the user folder. There are some bad implementations out there
that do not respect the superuser/emergency user.

> Then, even with 'authenticated' checked and using a different
> browser to the one I'm using for the management screen, clicking
> return on the login box over and over again eventually produces the
> front page sans CSS. It shouldn't do this and when the extranet is
> live, if the public were to be able to view it this would be a
> serious risk. I've set view to authenticated only but it still lets
> me in.
>
> I find the Zope security, permissions set-up hideously complex and
> unusable to be honest and it doesn't even seem to work.

I'll be more explicit this time: You don't know enough to make
blanket statements like this. From your emails it is obvious that you
don't know much at all about the way Zope security works. You need to
get a clue about what you're doing first. From the lack of similar
complaints from the many Zope and Plone users out there and the lack
of interest (meaning lack of responses to your emails) the only
logical conclusion is that the fault is on your end.

Since this is a Plone site I would suggest you move this discussion
to a Plone-related mailing list.

jens