[Zope-dev] Re: zope nautilus cabal

Andrea Fanfani andrea@debian.org
Fri, 13 Apr 2001 20:42:15 +0200


On Fri, Apr 13, 2001 at 01:49:24PM -0400, Chris McDonough wrote:
> How is this any different than visiting the site in a web browser?

[...]

The difference is that in this way you can see the internal structure
of the data.fs and not only the HTTP output from Zope.
You can access the /manage part without user and pass and see,
but not modify, the internal structure, bypassing the authentication
part. In this way an evil user can discover non-public information.

Regards

a.f.