[Zope-PTK] a serious security bug??

Alan Pogrebinschi alanpog@empresa.net
Mon, 10 Jul 2000 14:30:44 -0400


> (1) Open the security tab of <PTK Instance Root>/Members folder.
> (2) Reset 'acquire permission setting' of 'Manage Portal' role

Thanks Toshio! I did that and it worked.

And answering Chris, yes I had closed all my browser windows before logging
in, so it is a real security problem.

But, I got a strange side-effect. Each time a
member clicks on *any link* (like 'preferences', 'my stuff', or even
'Home'), I get in my terminal window:

prana:/usr/local/zope22# Action discarded: {'permissions': ['Manage portal'], 'name': 'Reconfigure portal', 'category': 'global', 'url': 'http://br.fm/Zope/pteste/portal_config'}

As long as I have started "python z2.py" during the same telnet session.
This must mean something is wrong, but I have no clue.

Alan