>>>> Production sites running a stock Zope are vulnerable to abuse of 
>>>> their server if they have not removed the 'Examples' folder.  For 
>>>> example, anyone could use 
>>>> http://notcarefulenough.com/Examples/FileLibrary as a warez repository.

>>> Are you sure?  I get an "Unauthorized" error (but not until I 
>>> actually try to upload).
>>> Shane

>> I'm sure, I've tried it on a few sites.

> Wait a minute, now I see it.  The "addFile" script has the "Manager" 
> proxy role!  (And apparently my Zope is disregarding the proxy roles.) 
> That's wrong.  I suggest we remove the proxy roles, replacing the proxy 
> role explanation with the text "you can set proxy roles if you want 
> anonymous users to be able to use this script".

Don't forget the Message Board application too.  Are you fixing this or 
shall I?


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )
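
An added example, not part of the original messages or of Zope itself: a defender-side audit that walks an object tree and reports every object carrying the "Manager" proxy role, as the "addFile" script discussed above does. It assumes the Zope conventions `objectValues()`, `getId()`, `isPrincipiaFolderish` and a `_proxy_roles` tuple; the `Item`/`Folder` stand-ins, the `MessageBoard` id and the `addMessage` id are constructed so the example runs without a Zope instance.

```python
PRIVILEGED = frozenset({"Manager"})

def find_proxy_roles(container, path="", privileged=PRIVILEGED):
    """Yield (path, roles) for each object whose proxy roles are privileged."""
    for obj in container.objectValues():
        obj_path = path + "/" + obj.getId()
        # Assumption: proxy roles live in a _proxy_roles tuple on the object.
        roles = getattr(obj, "_proxy_roles", None) or ()
        hits = sorted(set(roles) & privileged)
        if hits:
            yield obj_path, hits
        # Recurse only into real containers, not objects that merely
        # acquire objectValues() from their parent.
        if getattr(obj, "isPrincipiaFolderish", 0):
            yield from find_proxy_roles(obj, obj_path, privileged)

# --- Constructed stand-ins (not Zope classes) so this runs offline ---
class Item:
    isPrincipiaFolderish = 0
    def __init__(self, id, proxy_roles=()):
        self._id = id
        self._proxy_roles = tuple(proxy_roles)
    def getId(self):
        return self._id

class Folder(Item):
    isPrincipiaFolderish = 1
    def __init__(self, id, children=()):
        super().__init__(id)
        self._children = list(children)
    def objectValues(self):
        return list(self._children)

def build_sample_tree():
    # Constructed tree; only Examples/FileLibrary and addFile come from the thread.
    return Folder("", [
        Folder("Examples", [
            Folder("FileLibrary", [Item("index_html"),
                                   Item("addFile", ["Manager"])]),
            Folder("MessageBoard", [Item("addMessage", ["Manager"])]),
        ]),
        Item("index_html"),
    ])

def audit_sample():
    return list(find_proxy_roles(build_sample_tree()))

if __name__ == "__main__":
    for obj_path, roles in audit_sample():
        print(obj_path, roles)
```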
