[Zope] major problems placing authentication on an extranet site-security flaw?

Tino Wildenhain tino at wildenhain.de
Wed Feb 8 17:36:05 EST 2006


michael nt milne schrieb:
> Sorry but this is not my experience and I have experimented. Am using
> gmail basic setting which I like.

Be sure mailinglist people dont like it :-)

Actually it should not bee too hard to
1) create a role, lets call it "Guests" (in / )
2) create a user: guest (in /acl_folder) with role "Guests"
3) remove [ ] acquire  for "View" and if you want "Access Contents
Information" and make a [x] for Manager and [x] Guests

thats it.

Go with a new browser (closed and reopen if you want)
to / of your site and you will get the standard_error_page
with "Unauthorized" if you "cancel" the login box.

You can customize standard_error_page if you want.

How can this be easier with Apache? I'd like to see :-)

(Yes, I know Apache quite good)

Regards
Tino


More information about the Zope mailing list