this is true. i tried to acces zope on my local machine at the address


(note: *without* the manage!) and nautilus showed me everything. both
mozilla and netscape show the welcome page. if i add manage nautilus
simply refuse to authenticate. my impression is that even if http:
is specified, nautilus uses some other kind of protocol (webdav?)
to read the contents of the url.

the bad thing is that you can read (not modify) every single document
in the zope db. 

Scavenging the mail folder uncovered [EMAIL PROTECTED]'s letter:
> Hi, here in mixad have found a "mysterious" bug with zope and
> nautilus.  We are investigating if is a bug or a feature. 
> The problem is that nautilus can browse the internals of zope directory 
> without authentication. 
> The method is pointing nautilus to simply. 
> Please can someone try to reproduce the bug ? The version of the 
> sw is:
> ii  libnautilus0   1.0-3          Shared libraries that part of Nautilus
> ii  libncurses5    5.2.20010318-1 Shared libraries for terminal handling
> ii  nautilus       1.0-3          file manager and graphical shell
> rc  nautilus-trilo 1.0-2          Nautilus component framework for services
> ii  zope           2.3.1-1        The Z Object Publishing Environment 
> Regards 
> Andrea Fanfani
> -- 
> Andrea Fanfani 
> Era  talmente intelligente  che, datogli  in  mano un  cubo di  Rubik,
> riusciva a mangiarlo in 15 secondi netti. (Anonimo)

Federico Di Gregorio
MIXAD LIVE Chief of Research & Technology              [EMAIL PROTECTED]
Debian GNU/Linux Developer & Italian Press Contact        [EMAIL PROTECTED]
   Abandon the search for Truth; settle for a good fantasy. -- Anonymous

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to