[Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Wed Feb 8 16:44:17 EST 2006


I printed out the section on Zope security quite a while ago and read it. So
it's not just in the last ten minutes. I haven't tried verbosesecurity just
yet as I haven't had the time. Basically, the security should work without
that.

On 2/8/06, Andreas Pakulat <apaku at gmx.de> wrote:
>
> On 08.02.06 21:25:33, michael nt milne wrote:
> > I've just tried this on a completely different server. I also made sure
> that
> > 'access contents information' was set to 'manager' and 'authenticated'.
>
> Wow, you read the zope-book on security, setup a new zope on a server
> and checked this in just 10 minutes? Forgive me if I don't believe this.
>
> > The same thing happens. The main password doesn't work and also you
> still
> > get the main page contents if you keep cancelling or pressing return on
> the
> > login box.
>
> So no Plone this time? What does VerboseSecurity tell you? Do you have
> to login to get access to the ZMI? Have you tried to allow
> non-authenticated access to the ZMI?
>
> > Complete nightmare. This was the reason I wanted to go with Apache
> security
> > as it's more robust.
>
> No it's not, it's not less robust either, at least that's what I
> experienced until now.
>
> Andreas
>
> --
> You can rent this space for only $5 a week.
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>



--
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060208/d40328df/attachment.htm


More information about the Zope mailing list