Lennart Regebro wrote:
Supposedly you would not be able to access that part of the site until
you authenticate against it. Isn't that the case now?

Assuming it requires authentication, yes.

And if it doesn't require authentication?
Also, what determines whether it requires authentication? authorisation requirements or something else?

The main problem here is that Internet Explorer doesn't allow you to
log out, for example.

I thought returning enough 401's usually prompts any browser to drop its basic auth?

So, in principal, invalid credentials should raise an error, but in
practice, you can't do that if you use Simple HTTP authentication.

Why not? Surely they should just get a 403 response?



Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
Zope-Coders mailing list

Reply via email to