On 2/9/06, michael nt milne <[EMAIL PROTECTED]> wrote: > Over and out on this one from me and thanks for all your help.... Sorry but > SSL over virtual hosts *is* more involved that setting up a basic password > protect >
My 2 cents on this thread: I've seen (ok, I've done, long ago) the following as a newbie when it comes to security - start checking and unchecking boxes in the security screens trying to get things to work how I want them to, get partially there, change another setting, now what used to work doesn't, now can't recall how to get back to working settings, and everything is botched. Before blaming Zope/Plone and its security, and calling it insecure or a nightmare, consider this: many of us have for years set up Zope and Plone sites with a mixture of anonymous and authentication-required areas, or totally locked down sites, using various user folders and authentication methods, and done so successfully. I don't say this to be snide - I have trained others on Zope and seen similar frustration from people when they rush in and start clicking things, or go on wild goose chases when something like browser cache may be producing the symptoms instead of a flaw with security. Careful, methodical debugging is required, and you must rule out external (non-Zope) causes. Others have pointed out that a default Plone site should not prompt you with a pop-up box (browser Basic Auth challenge) when requesting protected content. Plone and CMF sites use a login web form out of the box. Actually, from your initial post it's hard for me to tell what's going on - I can't tell whether you're trying to hit the site from perspective of a normal user, or through the ZMI you are clicking the View tab of the Plone site object. When reporting problems, it helps to clearly list your steps that produced the error. Maybe you thought you did. I'll agree that Zope security can be complex. ANY web application that features content that is available to some users, and not to others, especially when dealing with Users with Role A can view x and y, but not z, and can edit x, but not y and z, is going to be complex. Zope actually gives you a convenient way of setting that up, but the convenience also gives you a great way to shoot yourself in the foot. OT: I also use gmail because it's better IMO than any of my other options at work, and I hope I have the settings to the liking of the list (no HTML, etc). List, let me know if otherwise! Robert
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )