[Zope] Re: major problems placing authentication on an extranet site-security flaw?

Philip Kilner phil at xfr.co.uk
Sat Feb 11 07:28:49 EST 2006


Hi Michael,

michael nt milne wrote:
> Yes I found that as well but picked it up from the Google cache.
> Strange that it is available there as it's password protected.
> Possibly it was public before?
> 

Yes, it was public before.

Have you tried this, and does it solve your problems?

JCC is spot on when he points to workflow as being the basis of security
in Plone - it's also worth saying that the Zope system and the Plone
system are pretty much at odds with one another. You are more likely to
make mistakes at the Zope level than to do what you intend.

(If you try the "howto", don't overlook that last step - hitting the
"update security settings" button. Managed to overlook this myself
recently (despite it being the umpteenth time I've followed this howto),
and spent hours thinking that something more exotic was going on!)

Let us know how you get on...


-- 

Regards,

PhilK

Email: phil at xfr.co.uk
PGP Public key: http://www.xfr.co.uk
Voicemail & Facsimile: 07092 070518

"You'll find that one part's sweet and one part's tart:
say where the sweetness and the sourness start."
- Tony Harrison

