David wrote:

I have a user messing with a site using HTTP PUT to upload files. The user has access privileges to use a simple CMS (although for the time being now, they're revoked). Will switching off the permission for "WebDAV access" prevent any successful PUT or do we need to take further actions?


We also allow FTP access to certain directories. Can this be abused to upload files elsewhere?

If you can reproduce it, this is a bug, either in your app or in Zope. If the latter, it would be pretty serious...



Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to