Title: RE: [Zope] Authentication, Anonymous and Public
Brian, here are the steps to recreate:
Caveat: Anonymous is unrestricted at the root level
1) Create a folder
2) Remove inherited (acquired) rights for all attributes
3) Add a user to the folder
4) Give the user the manager role
5
Brian Lloyd wrote:
> Can you give me a scenario that shows the problem so
> that I can reproduce it? (walk me through what objects
> to create, what permissions to give, how to try to
> access them). This should be done with standard built-in
> User/UserFolders if possible.
http://lists.zope.org/
> > A user that does not log in, i.e. a user you know nothing of,
> > gets the "Anonymous" role automatically (at least with "acl_users").
> > A logged in user may not get the "Anonymous" role.
> >
> > This does not provide additional security, because this
> > user may simply shut down his brows
Stuart Bishop wrote:
> or in BasicUserFolder. Either way it should go in the collector.
Issue 1391, or in a slightly different phrasing, Issue 467
cheers,
Chris
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**
On Sun, 2 Jul 2000, Dieter Maurer wrote:
> Chris Withers writes:
> > Dieter Maurer wrote:
> > > In Zope, each user has a set of roles.
> > > Any user has the "Anonymous" role. Log-in users may have
> > > additional roles.
> >
> > I'm not convinced this is true...
> The Content Manager Guid
Dieter Maurer wrote:
> A user that does not log in, i.e. a user you know nothing of,
> gets the "Anonymous" role automatically (at least with "acl_users").
> A logged in user may not get the "Anonymous" role.
>
> This does not provide additional security, because this
> user may simply shut down
Stuart Bishop writes:
> On Fri, 30 Jun 2000, Dieter Maurer wrote:
> > In Zope, each user has a set of roles.
> > Any user has the "Anonymous" role. Log-in users may have
> > additional roles.
> >
> > Thus, what you see, should not happen.
>
> Users, by default, are not granted the 'Anony
On Fri, 30 Jun 2000, Dieter Maurer wrote:
> Capesius, Alan writes:
> > I'm running into a problem after implementing jcNTUserFolder in a
> > subfolder of my site. Users can access the root level or particular
> > subfolders anonymously. Once a user accesses the protected
> > NTUserFolder,
Dieter Maurer wrote:
> > > In Zope, each user has a set of roles.
> > > Any user has the "Anonymous" role. Log-in users may have
> > > additional roles.
> >
> > I'm not convinced this is true...
> The Content Manager Guide (Security, Authorization) states it
> this way:
>
> The "Anonymous
Chris Withers writes:
> Dieter Maurer wrote:
> > In Zope, each user has a set of roles.
> > Any user has the "Anonymous" role. Log-in users may have
> > additional roles.
>
> I'm not convinced this is true...
The Content Manager Guide (Security, Authorization) states it
this way:
The "An
Dieter Maurer wrote:
> In Zope, each user has a set of roles.
> Any user has the "Anonymous" role. Log-in users may have
> additional roles.
I'm not convinced this is true...
Quoting from the LoginManager CHANGES.TXT file:
> Generic User Source, like the GenericUserFolder product it was inspired
t; > From: Dieter Maurer[SMTP:[EMAIL PROTECTED]]
> > Sent: Friday, June 30, 2000 4:40:26 PM
> > To: Capesius, Alan
> > Cc: [EMAIL PROTECTED]
> > Subject:Re: [Zope] Authentication, Anonymous and Public
> > Auto forwarded by a Rule
> >
Capesius, Alan writes:
> I'm running into a problem after implementing jcNTUserFolder in a
> subfolder of my site. Users can access the root level or particular
> subfolders anonymously. Once a user accesses the protected
> NTUserFolder, the credentials are saved in the browser. If the user
Title: Authentication, Anonymous and Public
I'm running into a problem after implementing jcNTUserFolder in a
subfolder of my site. Users can access the root level or particular
subfolders anonymously. Once a user accesses the protected
NTUserFolder, the credentials are saved in the browser
14 matches
Mail list logo