[Zope] major problems placing authentication on an extranet site-security flaw?

Andreas Pakulat apaku at gmx.de
Wed Feb 8 16:38:39 EST 2006


On 08.02.06 21:25:33, michael nt milne wrote:
> I've just tried this on a completely different server. I also made sure that
> 'access contents information' was set to 'manager' and 'authenticated'.

Wow, you read the Zope book on security, set up a new Zope on a server
and checked this in just 10 minutes? Forgive me if I don't believe this.

> The same thing happens. The main password doesn't work and also you still
> get the main page contents if you keep cancelling or pressing return on the
> login box.

So no Plone this time? What does VerboseSecurity tell you? Do you have
to log in to get access to the ZMI? Have you tried to allow
non-authenticated access to the ZMI?

> Complete nightmare. This was the reason I wanted to go with Apache security
> as it's more robust.

No, it's not. It's not less robust either; at least that's what I have
experienced until now.

Andreas

-- 
You can rent this space for only $5 a week.

