[Zope-dev] Patch acceptance. What about this one?

[Chris McDonough]

> At the time, I hadn't received any feedback (however, I'm not blaming
> anyone). I also never posted this to the collector before.  Should one
> of us post this?

It would be appreciated, Joseph.

> Just to be safe ... You shouldn't use this entire patch unless your
> server is behind apache or a proxy server and best if protected by a
> firewall. It could open a potential security leak if you use the
> "domains" field for authentication and the zope server is not
> protected by apache.

Is the issue that the X-Forwarded-For header controls the domain setting?

- C