> >     Basically, if a user with manager privileges to a folder changes
> > their
> > password to be empty, then anyone (from permitted domains) 
> can access the
> > management screen for that folder Without Logging On... 
> Zope assumes that
> > you are the user without the password and treats you as if 
> you have those
> > rights.
> This is a feature, but I don't know if or where it is 
> documented besides
> the source code (which is a bug if it isn't I guess).

You're right - it is a feature. You are also right that it isn't 
documented anywhere that I can find :(  I would suggest adding 
this to the Collector (as a 'Documentation Request'). 

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com 

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to