Re: [Zope-dev] WebDAV etc permissions (Re: zope nautilus cabal)

[Bill Anderson]

On 18 Apr 2001 15:39:20 -0300, Lalo Martins wrote:
> On Fri, Apr 13, 2001 at 11:48:39PM +0100, Chris Withers wrote:
> > > The WebDAV (and XMLRPC) stuff either needs to be decomposed to run on its
> > > own port (and only that port) or more explicit permissions need to be
> > > associated with WebDAV/XMLRPC operations if we take for granted that being
> > > able to browse the root folder structure is a bad thing.
> (...)
> > Basically, 'access contents information' isn't a great permission. If you
> > turn if off, life gets horrible, if you leave it on, bits hang out. I'd
> > prefer to see something like:
> > - Access Contents Information via HTTP
> > - Access Contents Information via FTP
> > ..etc...
> 
> When I crawled out of bed today it ocurred to me that there is
> a very reasonable sollution already.
> 
> We've had a "FTP access" permission for ages. So, either:
> 
> - make WebDAV, XMLRPC etc protected by "View Management Screens"
> 
> - make WebDAV, XMLRPC etc protected by "FTP access"
> 
> - make WebDAV, XMLRPC etc protected by "DAV/RPC access"
>   (a new permission)
> 
> yes? 


Perhaps for webdav and ftp it would work fine. XML-RPC is a bit of a
different animal, as it runs through  http, thus on the same port as
zope's http side.  Going out on a limb here, I would guess that to move
XML-RPC to a seperate port would be very, very time consuming and
difficult; not to mention questionable with respects to the standard?

Bill

> 
> []s,
>|alo
>+
> --
>I say a prayer now our love's departed
> That you'll come back to stay
>   Bring back the perfect day
> 
> http://www.laranja.org/mailto:[EMAIL PROTECTED]
>  pgp key: http://www.laranja.org/pessoal/pgp
> 
> Brazil of Darkness (RPG)  ---   http://www.BroDar.org/
> 
> ___
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] WebDAV etc permissions (Re: zope nautilus cabal)

[Lalo Martins]

On Fri, Apr 13, 2001 at 11:48:39PM +0100, Chris Withers wrote:
> > The WebDAV (and XMLRPC) stuff either needs to be decomposed to run on its
> > own port (and only that port) or more explicit permissions need to be
> > associated with WebDAV/XMLRPC operations if we take for granted that being
> > able to browse the root folder structure is a bad thing.
(...)
> Basically, 'access contents information' isn't a great permission. If you
> turn if off, life gets horrible, if you leave it on, bits hang out. I'd
> prefer to see something like:
> - Access Contents Information via HTTP
> - Access Contents Information via FTP
> ..etc...

When I crawled out of bed today it ocurred to me that there is
a very reasonable sollution already.

We've had a "FTP access" permission for ages. So, either:

- make WebDAV, XMLRPC etc protected by "View Management Screens"

- make WebDAV, XMLRPC etc protected by "FTP access"

- make WebDAV, XMLRPC etc protected by "DAV/RPC access"
  (a new permission)

yes? 

[]s,
   |alo
   +
--
   I say a prayer now our love's departed
That you'll come back to stay
  Bring back the perfect day

http://www.laranja.org/mailto:[EMAIL PROTECTED]
 pgp key: http://www.laranja.org/pessoal/pgp

Brazil of Darkness (RPG)  ---   http://www.BroDar.org/

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )