[Zope] major problems placing authentication on an extranet
site-security flaw?
michael nt milne
michael.milne at gmail.com
Wed Feb 8 16:38:26 EST 2006
Of course I did. Why on earth would you be able to view a front page of a
site when it is labelled as 'authenticated' and also as 'manager' ? just by
pressing cancel or return a few times. Big security flaw I'm sorry. Also
superuser passwords don't work when security is set up and I've tried this
on a couple of set-ups. And this is apart from the usability.
On 2/8/06, Tino Wildenhain <tino at wildenhain.de> wrote:
>
> michael nt milne schrieb:
> > Thanks for the advice. I'll have another look at the security settings
> > but this is undoubtedly an issue. The superuser password not working is
> > the main one etc. But ultimately my comments on usabiltity should be
> > taken on board because Zope security is overly complex.
>
> Actually its not that hard - and its just fine grained - a very strength
> of zope. You can use VerboseSecurity to debug your security issues.
>
> Did you read the chapter about users and security in the zope book?
>
> Regards
> Tino
>
--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060208/8cd797a5/attachment.htm
More information about the Zope
mailing list