[Zope] Disabling anonymous webdav access
sean.upton@uniontrib.com
sean.upton@uniontrib.com
Fri, 18 May 2001 09:18:15 -0700
Are WebDAV requests HTTP GET requests? Or are they PUT?
I ask because there might be a way to filter public access with a
reverse-proxy to certain URLs (with, for example, a Squid redirector).
Whether or not this kind of thing would work for certain types of WebDAV
traffic, such as viewing folder contents, depends on the anatomy of a WebDAV
request...
Thoughts?
Sean
-----Original Message-----
From: Jerome Alet [mailto:alet@unice.fr]
Sent: Friday, May 18, 2001 8:36 AM
To: zope@zope.org
Subject: RE: [Zope] Disabling anonymous webdav access
On Fri, 18 May 2001, Brian Lloyd wrote:
> Ivo), I propose that it default to "Manager, Anonymous" so that
> current behavior is preserved. In other words, I think it is
> better that sites continue to work exactly as before after the
> change (but that the manager can then go turn off anonymous
> DAV access), rather than have sites suddenly "stop working with
> WebDAV" until the manager goes and gives anonymous that
> permission.
>
> Thoughts?
Here's mine, for a future version of Zope:
What would be nice is an installation/launching option
for Zope's security to be set to maximum security by default, i.e.
anonymous wouldn't even have the View permission by default, and the admin
would have to manually set the anonymous permissions.
kind of like the ALL: PARANOID in /etc/hosts.deny and and no hosts.allow
file.
What would be even better is that such a thing doesn't appear in
Zope before I understand completely how the permission system really work
;-)
bye,
Jerome Alet
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )