[Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Wed Feb 8 16:25:33 EST 2006


I've just tried this on a completely different server. I also made sure that
'access contents information' was set to 'manager' and 'authenticated'.

The same thing happens. The main password doesn't work and also you still
get the main page contents if you keep cancelling or pressing return on the
login box.

Complete nightmare. This was the reason I wanted to go with Apache security
as it's more robust.

Michael

On 2/8/06, michael nt milne <michael.milne at gmail.com> wrote:
>
> Thanks for the advice. I'll have another look at the security settings
> but this is undoubtedly an issue. The superuser password not working is the
> main one etc. But ultimately my comments on usability should be taken on
> board because Zope security is overly complex.
>
> On 2/8/06, Dieter Maurer <dieter at handshake.de> wrote:
> >
> > michael nt milne wrote at 2006-2-8 16:48 +0000:
> > >I have major problems here trying to set up authentication over a whole
> > >Plone site using Zope. Using my superuser account I've navigated to the
> > >site root page in the ZMI where it lists all the site pages and objects etc.
> > >I've then gone into security, scrolled down to the bottom and for the 'View'
> > >option I have tried all combinations of 'Manager', 'Authenticated' and
> > >'Acquire'. It simply won't work.
> >
> > You can use "VerboseSecurity" to analyse difficult authorization
> > problems.
> >
> > "VerboseSecurity" is an integral part of Zope from 2.8 on.
> > Previously, it has been a separate product.
> >
> > --
> > Dieter
> >
>
>
>
> --
> Michael




--
Michael