[Zope] Security Problem

jamesd@mena.org.au jamesd@mena.org.au
Thu, 27 Mar 2003 11:39:44 +1000 (EST)

I have a Zope server running with two instances of plone, "Plone1" and
plone2 is a demo site with a user "Demo" having the role 'Manager' available
to the public. plone1 is a regular plone site.

If I log in to plone2 as the user Demo, then go to the following url:
The permissions are acquired from the demo site giving full Manager access
to my main plone site. This is obviously a serious problem.

Any ideas how I can stop the permissions from being acquired under that
situation without breaking anything?