David wrote at 2006-5-3 23:12 +0100:
> ...
>I have a user messing with a site using HTTP PUT to upload files. The  
>user has access privileges to use a simple CMS (although for the time  
>being now, they're revoked). Will switching off the permission for  
>"WebDAV access" prevent any successful PUT or do we need to take  
>further actions?

I doubt this.

  "PUT" is used in standard HTML as well (and not only in WebDAV).

  "webdav.NullResource.NullResource.PUT" is explicitly
  allowed for "Anonymous" and internally checks that
  the current user may create the object at the corresponding
  place (it uses "CopyContainer._verifyObjectPaste").

  Other objects "PUT" usually use "Change XXX" permissions to
  control "PUT".

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to