[Zope] Re: major problems placing authentication on an extranet site-security flaw?

michael nt milne michael.milne at gmail.com
Fri Feb 10 07:49:07 EST 2006

Well I said it was over and out but I have to respond to this latest post. I
appreciate the help here and will be trying out some of the suggestions.
Basically though, Zope permissions and security could be made a lot more
usable. It's far too technically focused and this is the opinion of a few
others as well. The whole ZMI interface could be put through a usability
re-design to be honest and that's not even to comtemplate the security

I have a few clients, who I have built sites for using Plone and on showing
them the ZMI they have re-coiled in absolute horror. Now obviously Plone is
trying to bring more and more features within its own interface, which is
good as it's more usable. However many things still remain. Most of my
clients are able to use the Plone editing tools and interfaces but can't at
all get their heads round the ZMI. I would guess that changing interfaces
doesn't help but there you go.

Glad you feel entertained Norbert. I have been as well and at the same time
have made quite a bit of progress. Cheers.

On 2/9/06, Norbert Marrale <norbert at vsmpro.com> wrote:
> Chris Withers wrote:
> > michael nt milne wrote:
> >> Over and out on this one from me
> >
> > You promise? ;-)
> >
> > Chris
> >
> I think Tino made the key suggestion earlier on: log out of the ZMI,
> close your browser, restart it, clear the cache, clear any saved
> passwords, try to view the page in question and - if your settings are
> correct - get prompted to log by whichever authentication mechanism you
> chose to implement. If you cancel out and are able to view the page, you
> made a configuration mistake somewhere. Find it, fix it - and try again.
> This has become one of the more hilarious threads I've read in a long
> time. I suggest submitting Michael's name to alt.usenet.kooks for
> consideration as KotM.
> Norbert
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20060210/8b5ef313/attachment.htm

More information about the Zope mailing list