On 2/8/06, Tino Wildenhain < [EMAIL PROTECTED]> wrote:
michael nt milne schrieb:
> Of course I did. Why on earth would you be able to view a front page of
> a site when it is labelled as 'authenticated' and also as 'manager' ?
> just by pressing cancel or return a few times. Big security flaw I'm
> sorry. Also superuser passwords don't work when security is set up and
> I've tried this on a couple of set-ups. And this is apart from the
I dont get what you tried... many of us are doing it and it just
works. Much easier as with apache I say. Apropos getting and trying...
could you try to set your mail-client to text only and quote like
all others do? This would make it easier to read what you type :-)
You only remove [ ] Acquire for View and assign it to
Authenticated or better to whatever role your users should belong.
Canceling Authentication requester will not show you contents
but the standard_error_page - unless you have a broken useragent
(e.g. Internetexplorer) with horrible cache settings and did
view the authenticated page before.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )