Supposedly you would not be able to access that part of the site until you authenticate against it. Isn't that the case now?
Assuming it requires authentication, yes.
And if it doesn't require authentication?
Also, what determines whether it requires authentication? authorisation requirements or something else?
The main problem here is that Internet Explorer doesn't allow you to log out, for example.
I thought returning enough 401's usually prompts any browser to drop its basic auth?
So, in principal, invalid credentials should raise an error, but in practice, you can't do that if you use Simple HTTP authentication.
Why not? Surely they should just get a 403 response?
-- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk _______________________________________________ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders