[ZCM] [ZC] 790/ 4 Resolve "WebDav is enabled for anonymous"
Collector: Zope Bugs, Features, and Patches ...
zope-coders-admin@zope.org
Mon, 03 Feb 2003 09:34:06 -0500
Issue #790 Update (Resolve) "WebDav is enabled for anonymous"
Status Resolved, Zope/bug medium
To followup, visit:
http://collector.zope.org/Zope/790
==============================================================
= Resolve - Entry #4 by ajung on Feb 3, 2003 9:34 am
Status: Accepted => Resolved
Closing..there will be no backport to 2.6.
________________________________________
= Comment - Entry #3 by ajung on Feb 3, 2003 6:01 am
Fixed on the HEAD.
________________________________________
= Assign - Entry #2 by ajung on Feb 2, 2003 4:01 pm
Status: Pending => Accepted
Supporters added: ajung
I think it is sufficient to remove Anonymous from the roles
for "WebDAV access" but grant the permission to Authenticated.
________________________________________
= Request - Entry #1 by mjablonski on Feb 2, 2003 3:54 pm
Anonymous-Users can use WebDav to wander through your entire site-hierachy and have a look into the Control_Panel/Products-Folder.
You can test it with cadaver on several zope-sites:
www.zope.org or www.donauland.at
In my opinion Anonymous-WebDav-Access should be turned off in the "default"-installation, because most people are not aware of this "feature".
==============================================================