this is true. i tried to acces zope on my local machine at the address
http://localhost:9673/
(note: *without* the manage!) and nautilus showed me everything. both
mozilla and netscape show the welcome page. if i add manage nautilus
simply refuse to authenticate. my impression is that even if http:
is specified, nautilus uses some other kind of protocol (webdav?)
to read the contents of the url.
the bad thing is that you can read (not modify) every single document
in the zope db.
ciao,
federico
Scavenging the mail folder uncovered [EMAIL PROTECTED]'s letter:
> Hi, here in mixad have found a "mysterious" bug with zope and
> nautilus. We are investigating if is a bug or a feature.
>
> The problem is that nautilus can browse the internals of zope directory
> without authentication.
>
> The method is pointing nautilus to http://www.foo.bar:9673 simply.
>
> Please can someone try to reproduce the bug ? The version of the
> sw is:
>
>
> ii libnautilus0 1.0-3 Shared libraries that part of Nautilus
> ii libncurses5 5.2.20010318-1 Shared libraries for terminal handling
>
> ii nautilus 1.0-3 file manager and graphical shell
> rc nautilus-trilo 1.0-2 Nautilus component framework for services
>
> ii zope 2.3.1-1 The Z Object Publishing Environment
>
>
>
> Regards
>
> Andrea Fanfani
> --
> Andrea Fanfani
> Era talmente intelligente che, datogli in mano un cubo di Rubik,
> riusciva a mangiarlo in 15 secondi netti. (Anonimo)
>
--
Federico Di Gregorio
MIXAD LIVE Chief of Research & Technology [EMAIL PROTECTED]
Debian GNU/Linux Developer & Italian Press Contact [EMAIL PROTECTED]
Abandon the search for Truth; settle for a good fantasy. -- Anonymous
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
