[Zope] Folder and SQL security

George mail@okstudio.com.au
Mon, 04 Sep 2000 03:26:20 +1100

Security in ZOPE is very puzzling. If I have certain rules set for the
root folder, can I set something different for the sub folders? Any
changes seem to have no effect at all. I am especially wandering about
setting for anonymous user. I'd like to give them only 'viewing'
privilege but that does not work. The site is not functional at all and
asks for the password even for the viewing. Then I enable 'access the
content' and the site works as long as I do not try to use sql. When I
how ever enable 'use sql methods' permission they can access my
database, delete and add entries to it. What do I have to do to allow
anonymous viewers to just view the site (keep in mind that I am using a
couple of zsql methods for embedding of data in my html) I also want to
have one of the sub folders not accessible to any one but me.
Can you help anyone?