michael nt milne schrieb: > Of course I did. Why on earth would you be able to view a front page of > a site when it is labelled as 'authenticated' and also as 'manager' ? > just by pressing cancel or return a few times. Big security flaw I'm > sorry. Also superuser passwords don't work when security is set up and > I've tried this on a couple of set-ups. And this is apart from the > usability.
I dont get what you tried... many of us are doing it and it just works. Much easier as with apache I say. Apropos getting and trying... could you try to set your mail-client to text only and quote like all others do? This would make it easier to read what you type :-) You only remove [ ] Acquire for View and assign it to Authenticated or better to whatever role your users should belong. Canceling Authentication requester will not show you contents but the standard_error_page - unless you have a broken useragent (e.g. Internetexplorer) with horrible cache settings and did view the authenticated page before. Regards Tino Wildenhain _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )