probably the HelpSys object shouldn't be available by default
to non-authenticated users, because it gives too much information
on the currently installed products.
access any Zope site this way :
and you'll learn what products are available on the server.
This can't lead to a direct compromise, but this gives way
too much information to anonymous users IMHO.
Tested today on several low and very high profile sites.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -