Re: [Zope-dev] Proposed change in the authentication
In article <[EMAIL PROTECTED]>, Jim Fulton <[EMAIL PROTECTED]> wrote: > I propose to change the order which a vacation in URL traversal or Good idea, we could all use a vacation :-) > performed. See and comment at: > http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURLTraversal To clarify, do you mean that authentication will be done at *every* user folder found along the way, or at the first one found, or attempted at each one until one succeeds, so long as anonymous still has permission to continue walking down, or what? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposed change in the authentication
Jim Fulton wrote: > http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURLTraversal I wonder whether this would fix the following problem: http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/82AE22A20C7E88AE What I reckon is happening is that HTTP is being dumb and presenting the authentication information for the image 'black'. Black knows nothing about this user (because it's defined in a subfolder) and so throws an authentication exception, ignoring the fact that _anyone_ should be able to view this image... Ideas anyone? cheers. Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Proposed change in the authentication
I propose to change the order which a vacation in URL traversal or performed. See and comment at: http://www.zope.org/Members/jim/ZopeSecurity/ProposalToAuthenticateDuringURLTraversal Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Technical Director (888) 344-4332 Python Powered! Digital Creationshttp://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )