[Zope3-dev] Zope security policy
Roger Ineichen
dev at projekt01.ch
Thu Mar 10 11:49:12 EST 2005
Behalf Of Garrett Smith
> Sent: Thursday, March 10, 2005 5:32 PM
> To: dev at projekt01.ch
> Cc: zope3-dev at zope.org
> Subject: RE: [Zope3-dev] Zope security policy
>
> Roger Ineichen wrote:
> > Hi Garrett
> >
> > From: Garrett Smith [mailto:garrett at mojave-corp.com]
> >> Sent: Thursday, March 10, 2005 5:05 PM
> >> To: dev at projekt01.ch
> >> Cc: zope3-dev at zope.org
> >> Subject: RE: [Zope3-dev] Zope security policy
> >>
> >> I glanced over the transcript, but I'm not sure what I'm
> supposed to
> >> get from it.
> >
> > ;-) nothing, if we don't change the default configuration
> > for zope.View from Allow to Deny for unauthentcated principals.
>
> Ah, so you're saying we just delete these grants?
Yes
I think it's up to the server administrator to open security.
I don't like this microsoft concept "all is open for everybody
and don't forget to secure your application."
> That's fine, but it's decoupled from my point, which is to move these
> decision points into site-specific configuration.
How?
Regards
Roger Ineichen
> -- Garrett
> _______________________________________________
> Zope3-dev mailing list
> Zope3-dev at zope.org
> Unsub:
> http://mail.zope.org/mailman/options/zope3-dev/dev%40projekt01.ch
>
>
More information about the Zope3-dev
mailing list