[Zope-PTK] a serious security bug??

Alan Pogrebinschi alanpog@empresa.net
Mon, 10 Jul 2000 14:30:44 -0400

> (1) Open the security tab of <PTK Instance Root>/Members folder.
> (2) Reset 'acquire permission setting' of 'Manage Portal' role

Thanks Toshio! I did that and it worked.

And answering Chris, yes I had closed all my browser windows before loging
in, so it is a real security problem.

But, I got a strange side-effect. Each time a
member clicks on *any link* (like 'preferences', 'my stuff', or even
'Home'), I get in my terminal window:

prana:/usr/local/zope22# Action discarded: {'permissions': ['Manage
portal'], 'n
ame': 'Reconfigure portal', 'category': 'global', 'url':

As long as I have started "python z2.py" during the same telnet session.
This must mean something is wrong, but I have no clue.