[Zope-dev] Re: zope nautilus cabal

andrea@debian.org andrea@debian.org
Sat, 14 Apr 2001 18:17:26 +0200


On Fri, Apr 13, 2001 at 03:52:35PM -0400, Chris McDonough wrote:

> This isn't a bug, it's a feature.  A bad one, likely, as there's no easy way
> to turn it off. ;-)  I believe that if you turn off "Access Contents
> Information" permission for anonymous on the root folder, a WebDAV directory
> listing can't be retrieved.  This, however, likely breaks lots of things
> that have nothing to do with WebDAV.

[cc: the debian maintainer of zope]

Mmm  the bad  thing  is  that the  default  installation  of zope  is
"vulnerable"  (please  note the  ")  to  this  type of  feature.  I'm
firewalling the port 9673, beacause  turning off the "Access Contents
Informations" some web site stop to work.

Any kind of different workaround ? 


Regards 

a.f.
-- 
Andrea Fanfani 
Era  talmente intelligente  che, datogli  in  mano un  cubo di  Rubik,
riusciva a mangiarlo in 15 secondi netti. (Anonimo)