[Zope] Going from Zope 2.1.6 to 2.3.0: security issue

Burwell, Becky <burwell@parc.xerox.com> burwell@parc.xerox.com
Tue, 6 Feb 2001 15:06:06 PST


This didn't work.

What is the better model to use if domain authentication support will be deprecated soon?

> -----Original Message-----
> From: Randall F. Kern [mailto:randy@spoke.net]
> Sent: Tuesday, February 06, 2001 11:20 AM
> To: burwell@parc.xerox.com; zope@zope.org
> Subject: RE: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
> 
> 
> try going to
> http://yourserver/acl_users/setDomainAuthenticationMode?domain
> _auth_mode
> =1
> 
> # Domain authentication support. This is a good candidate to
> # become deprecated in future Zope versions.
> 
> -Randy
> > -----Original Message-----
> > From: Burwell, Becky <burwell@parc.xerox.com>
> > [mailto:burwell@parc.xerox.com]
> > Sent: Tuesday, February 06, 2001 10:35 AM
> > To: 'zope@zope.org'
> > Subject: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
> > 
> > 
> > We are in the process of moving from Zope 2.1.6 to Zope 2.3.0
> > 
> > We had some web pages that we wanted to restrict to people just at 
> > our research lab. 
> > 
> > We did this by creating a role called "localUsers". And 
> then we added 
> > a user with a domain of *.parc.xerox.com that had the role of 
> > localUsers. This allowed anyone whose web browser was on a 
> machine in 
> > *.parc.xerox.com to access the pages. This worked great in 2.1.6.
> > 
> > When we brought up Zope 2.3.0 we find that we get prompted 
> for an id 
> > and password when accessing web page that have our role localUsers 
> > applied to them. We can tell the user what to type, but it is 
> > annoying.
> > 
> > What's the best way to restrict a set of pages to a 
> particular domain 
> > without having to require the user to login?
> > 
> > Thanks.
> > 
> > 
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists - 
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> > 
>