[Zope] Security-Trouble with HEAD.Method

Maik Jablonski maik.jablonski@uni-bielefeld.de
Tue, 05 Mar 2002 10:24:32 +0100


hello,

yesterday all my documents were accessed by an Anonymous User with a method called HEAD (I played around with some linkcheckers, but that doesn't change the nature of the problem). Now the bobobase_modification_time of all my docs/folders is changed!!!

the undo-tab of all docs/folders says:

/path/to/the/document_or_folder/HEAD   by Anonymous User

and so on...

I think it must have to do with the webdav/HEAD-methods. But why is an Anonymous User allowed to change the Bobobase-Modification-Time?

I'm working with a standard-2.5.0.source-installation and had changed nothing in the security-tab of the root-folder.

My guess: by default an Anonymous User has the right "WebDAV access". Is there any connection to the described problem? What's the "WebDAV access" for Anonymous good for? Would'nt it be better to turn off this by default?

Thank you for help in advance.

Maik.

-- 
 maik jablonski                           visit www.zope.org,
 universitaet bielefeld                   LET'S GET ZOPED!!!!
 zentrum fuer lehrerbildung                                 
 didaktik des sachunterrichts                            
 postfach 10 01 31                                          
 33501 bielefeld 		    
 germany                                                    
 tel: + 49 (0) 521 106 4234                                 

 http://www.zfl.uni-bielefeld.de/
 http://www.sachunterricht-online.de/