[Zope] Disabling anonymous webdav access

Antwan Reijnen antwan@dexus.nl
Sat, 19 May 2001 13:13:33 +0200

Hi Brian,

>As far as GET / PUT, these are not distinguishable from a
>non-DAV GET / PUT (but those operations are protected by
>action-specific permissions anyway).
>So this is not a 100% solution, just one that happens to be
>a light-weight way to allow people to solve their immediate
>problem (in basically the same way we solve it for FTP).

Ok, so what do you propose Brian? You have a point by stating that you want 
the Zope-permissionsystem to be action-based in stead of protocol based. 
But then: listing a site's content via the DAV-protocol does not work the 
same as via normal http-based protocol: when index_html is present, the 
site's content (and sub-directory-structure) is effectively masked via 
normal http-access (I think).

So when a certain permission (like Acces Contents Information) effectively 
behaves different under different access-protocols, this action-based 
permission policy seems to me to be inadequate...

Greetings, Antwan.

>Brian Lloyd        brian@digicool.com
>Software Engineer  540.371.6909
>Digital Creations  http://www.digicool.com
>Zope maillist  -  Zope@zope.org
>**   No cross posts or HTML encoding!  **
>(Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )