Romain Slootmaekers wrote:

> This is a pain, Xron tries to invoke the actions from the front side of 
> zope, ie by issuing a HTTP request. since we use a Zope+Apache 
> http&https setup, we just hacked Xron to rewrite the urls to 

Another problem of Xron using standard http access is that you can't use 
authentication -- at least I could not figure out, how to add a user 
name and password to the http request issued by Xron. Ok, restricting 
access to localhost for the "page" requested by Xron can perhaps close 
this security hole in many circumstances, but while playing with Xron I 
felt a bit uncomfortable imagining that a melevolent user could easily 
screw up things like timed publication or removal of a certain page...


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to