[Zope] HTTP PUT

Dieter Maurer dieter at handshake.de
Fri May 5 16:14:57 EDT 2006


David wrote at 2006-5-3 23:12 +0100:
> ...
>I have a user messing with a site using HTTP PUT to upload files. The  
>user has access privileges to use a simple CMS (although for the time  
>being now, they're revoked). Will switching off the permission for  
>"WebDAV access" prevent any successful PUT or do we need to take  
>further actions?

I doubt this.

  "PUT" is used in standard HTML as well (and not only in WebDAV).

  "webdav.NullResource.NullResource.PUT" is explicitly
  allowed for "Anonymous" and internally checks that
  the current user may create the object at the corresponding
  place (it uses "CopyContainer._verifyObjectPaste").

  Other objects "PUT" usually use "Change XXX" permissions to
  control "PUT".

-- 
Dieter


More information about the Zope mailing list