[Zope] major problems placing authentication on an
extranet site-security flaw?
Tino Wildenhain
tino at wildenhain.de
Wed Feb 8 17:36:05 EST 2006
michael nt milne schrieb:
> Sorry but this is not my experience and I have experimented. Am using
> gmail basic setting which I like.
Be sure mailinglist people dont like it :-)
Actually it should not bee too hard to
1) create a role, lets call it "Guests" (in / )
2) create a user: guest (in /acl_folder) with role "Guests"
3) remove [ ] acquire for "View" and if you want "Access Contents
Information" and make a [x] for Manager and [x] Guests
thats it.
Go with a new browser (closed and reopen if you want)
to / of your site and you will get the standard_error_page
with "Unauthorized" if you "cancel" the login box.
You can customize standard_error_page if you want.
How can this be easier with Apache? I'd like to see :-)
(Yes, I know Apache quite good)
Regards
Tino
More information about the Zope
mailing list