On Tue, 5 Sep 2000, Evan Simpson wrote:

> > I've got to say I agree with you here.  I'm still not 100% sure why the
> > superuser or bootstrap user can't own anything.
> It's due to a combination of the trojan horse issue and the sticky
> authentication issue, I think.  You really don't want to be authenticated as
> super very often, because while you are, if you visit a page someone else
> wrote, they can make your browser do evil things to your site.  This is also
> true of Managers, but less so.  Similarly, a page owned by non-super has
> tighter permissions than one owned by the super would.

Yes... the PDG security chapter has all of this in it, but it would seem
that neither Chris W nor I are completely satisfied by these answers.  :-)
It seems a matter of diminishing returns, especially when newbies hit the
wall during install, since we haven't provided them with an airbag yet.

Chris McDonough
Digital Creations, Publishers of Zope

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )
