[Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Wed Feb 8 16:38:26 EST 2006

Of course I did. Why on earth would you be able to view a front page of a
site when it is labelled as 'authenticated' and also as 'manager' ? just by
pressing cancel or return a few times. Big security flaw I'm sorry. Also
superuser passwords don't work when security is set up and I've tried this
on a couple of set-ups. And this is apart from the usability.

On 2/8/06, Tino Wildenhain <tino at wildenhain.de> wrote:
> michael nt milne schrieb:
> >  Thanks for the advice. I'll have another look at the security settings
> > but this is undoubtedly an issue.  The superuser password not working is
> > the main one etc. But ultimately my  comments on usabiltity should be
> > taken on board because Zope security is overly complex.
> Actually its not that hard - and its just fine grained - a very strength
> of zope. You can use VerboseSecurity to debug your security issues.
> Did you read the chapter about users and security in the zope book?
> Regards
> Tino

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060208/8cd797a5/attachment.htm

More information about the Zope mailing list