[Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Wed Feb 8 11:48:08 EST 2006


I have major problems here trying to set up authentication over a whole
Plone site using Zope. Using my superuser account I've navigated to the site
root page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View'
option I have tried all combinations of 'Manager', 'Authenticated' and
'Acquire'. It simply won't work.

I get a pop-up box but the superuser manager pass doesn't work. Then, even
with 'authenticated' checked and using a different browser to the one I'm
using for the management screen, clicking return on the login box over and
over again eventually produces the front page sans CSS. It shouldn't do this
and when the extranet is live, if the public were to be able to view it this
would be a serious risk. I've set view to authenticated only but it still
lets me in.

I find the Zope security, permissions set-up hideously complex and unusable
to be honest and it doesn't even seem to work.

Very frustrated.

