[Zope-PTK] a serious security bug??

Chris Withers chrisw@nipltd.com
Mon, 10 Jul 2000 10:41:55 +0100


Alan Pogrebinschi wrote:
> Am I missing something?? Or is it a security problem?

A possible explanation:

You were doing stuff through the management interface before you tried
out joining your PTK site.

So, your problem is that HTTP basic authentication is telling Zope you
have a manager role while you've logged into the PTK with a cookie for
your member.

If you still get this behaviour when you've closed down ALL your
browsers and then started one up again, then it's probably a (very
serious) problem ;-)

cheers,

Chris