David wrote at 2006-5-3 23:12 +0100: > ... >I have a user messing with a site using HTTP PUT to upload files. The >user has access privileges to use a simple CMS (although for the time >being now, they're revoked). Will switching off the permission for >"WebDAV access" prevent any successful PUT or do we need to take >further actions?
I doubt this. "PUT" is used in standard HTML as well (and not only in WebDAV). "webdav.NullResource.NullResource.PUT" is explicitly allowed for "Anonymous" and internally checks that the current user may create the object at the corresponding place (it uses "CopyContainer._verifyObjectPaste"). Other objects "PUT" usually use "Change XXX" permissions to control "PUT". -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )