[ZCM] [ZC] 790/ 3 Comment "WebDav is enabled for anonymous"
Collector: Zope Bugs, Features, and Patches ...
zope-coders-admin@zope.org
Mon, 03 Feb 2003 06:01:39 -0500
Issue #790 Update (Comment) "WebDav is enabled for anonymous"
Status Accepted, Zope/bug medium
To followup, visit:
http://collector.zope.org/Zope/790
==============================================================
= Comment - Entry #3 by ajung on Feb 3, 2003 6:01 am
Fixed on the HEAD.
________________________________________
= Assign - Entry #2 by ajung on Feb 2, 2003 4:01 pm
Status: Pending => Accepted
Supporters added: ajung
I think it is sufficient to remove Anonymous from the roles
for "WebDAV access" but grant the permission to Authenticated.
________________________________________
= Request - Entry #1 by mjablonski on Feb 2, 2003 3:54 pm
Anonymous-Users can use WebDav to wander through your entire site-hierachy and have a look into the Control_Panel/Products-Folder.
You can test it with cadaver on several zope-sites:
www.zope.org or www.donauland.at
In my opinion Anonymous-WebDav-Access should be turned off in the "default"-installation, because most people are not aware of this "feature".
==============================================================