[Zope] HTTP PUT
Dieter Maurer
dieter at handshake.de
Fri May 5 16:14:57 EDT 2006
David wrote at 2006-5-3 23:12 +0100:
> ...
>I have a user messing with a site using HTTP PUT to upload files. The
>user has access privileges to use a simple CMS (although for the time
>being now, they're revoked). Will switching off the permission for
>"WebDAV access" prevent any successful PUT or do we need to take
>further actions?
I doubt this.
"PUT" is used in standard HTML as well (and not only in WebDAV).
"webdav.NullResource.NullResource.PUT" is explicitly
allowed for "Anonymous" and internally checks that
the current user may create the object at the corresponding
place (it uses "CopyContainer._verifyObjectPaste").
Other objects "PUT" usually use "Change XXX" permissions to
control "PUT".
--
Dieter
More information about the Zope
mailing list