[Zope-CMF] Security issue in CMF 1.0/1.1

Volodymyr Cherepanyak vcherep@yahoo.com
Tue, 12 Jun 2001 12:53:08 +0300


Hi,

Any "private" content type can be viewed by anonymous user, after typing
it URL in browser input (i.e. site/New_Document/view).

Is this a bug, or I am missing something? I think private document
shouldn't be viewable by anybody except owner/manager.

Regards.

Volodymyr Cherepanyak.