>>>> Production sites running a stock Zope are vulnerable to abuse of
>>>> their server if they have not removed the 'Examples' folder. For
>>>> example, anyone could use
>>>> http://notcarefulenough.com/Examples/FileLibrary as a warez repository.
>>> Are you sure? I get an "Unauthorized" error (but not until I
>>> actually try to upload).
>> I'm sure, I've tried it on a few sites.
> Wait a minute, now I see it. The "addFile" script has the "Manager"
> proxy role! (And apparently my Zope is disregarding the proxy roles.)
> That's wrong. I suggest we remove the proxy roles, replacing the proxy
> role explanation with the text "you can set proxy roles if you want
> anonymous users to be able to use this script".
Don't forget the Message Board application too. Are you fixing this or
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -