On Wed, 7 Jun 2000, Jon Franz wrote:

>       Basically, if a user with manager privileges to a folder changes
> their
> password to be empty, then anyone (from permitted domains) can access the
> management screen for that folder Without Logging On... Zope assumes that
> you are the user without the password and treats you as if you have those
> rights.

This is a feature, but I don't know if or where it is documented besides
the source code (which is a bug if it isn't I guess). The blank password 
feature is normally combined with the domain limitation feature to allow 
connections from a given network to automatically attach with various 
permissions (such as a trusted that pushes data into the ZODB - this 
method avoids having to keep a password in plaintext around on your 

Stuart Bishop                          Work: [EMAIL PROTECTED]
Senior Systems Alchemist               Play: [EMAIL PROTECTED]
Computer Science, RMIT University

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to