> At the time, I hadn't received any feedback (however, I'm not blaming
> anyone). I also never posted this to the collector before.  Should one
> of us post this?

It would be appreciated, Joseph.

> Just to be safe ... You shouldn't use this entire patch unless your
> server is behind apache or a proxy server and best if protected by a
> firewall. It could open a potential security leak if you use the
> "domains" field for authentication and the zope server is not
> protected by apache.

Is the issue that the X-Forwarded-For header controls the domain setting?

- C

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to