seb bacon wrote:
>
> Shane Hathaway wrote:
>
>> seb bacon wrote:
>>
>>> Production sites running a stock Zope are vulnerable to abuse of
>>> their server if they have not removed the 'Examples' folder. For
>>> example, anyone could use
>>> http://notcarefulenough.com/Examples/FileLibrary as a warez repository.
>>
>> Are you sure? I get an "Unauthorized" error (but not until I actually
>> try to upload).
>>
>> Shane
>
> I'm sure, I've tried it on a few sites.

Hmm, it would appear that the "Add Documents, Images, and Files"
permission is enabled for anonymous. It shouldn't be, obviously.

Shane

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
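
An added example, not part of the thread and not Zope's own code: a sketch of how an administrator could audit their own instance for the setting Shane describes, by walking the object tree and listing every object where Anonymous holds "Add Documents, Images, and Files". It assumes Zope's `rolesOfPermission()` and `objectItems()` methods; `anonymous_has`, `audit`, `StubFolder` and `sample_tree` are hypothetical names, and the stub tree is constructed so the block runs without Zope.

```python
PERMISSION = "Add Documents, Images, and Files"  # permission named in the thread


def anonymous_has(obj, permission=PERMISSION):
    """True if obj's permission settings grant `permission` to Anonymous."""
    try:
        rows = obj.rolesOfPermission(permission)
    except (AttributeError, ValueError):
        # Not a role manager, or the permission does not apply to this object.
        return False
    return any(r["name"] == "Anonymous" and r["selected"] for r in rows)


def audit(root):
    """Walk the object tree; return sorted paths where Anonymous may add files."""
    findings, stack = [], [("", root)]
    while stack:
        path, obj = stack.pop()
        if anonymous_has(obj):
            findings.append(path or "/")
        items = getattr(obj, "objectItems", None)
        if callable(items):
            stack.extend((path + "/" + name, child) for name, child in items())
    return sorted(findings)


class StubFolder:
    """Constructed stand-in for a Zope folder so the example runs without Zope."""

    def __init__(self, anonymous=False, **children):
        self._anonymous, self._children = anonymous, children

    def rolesOfPermission(self, permission):
        if permission != PERMISSION:
            raise ValueError("invalid permission")
        return [
            {"name": "Anonymous", "selected": "SELECTED" if self._anonymous else ""},
            {"name": "Manager", "selected": "SELECTED"},
        ]

    def objectItems(self):
        return list(self._children.items())


def sample_tree():
    # Constructed layout: only the FileLibrary under Examples is misconfigured.
    library = StubFolder(anonymous=True)
    return StubFolder(Examples=StubFolder(FileLibrary=library), Control_Panel=StubFolder())


if __name__ == "__main__":
    print(audit(sample_tree()))
```

Against a real instance, `audit` would be called on the application root object instead of `sample_tree()`.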