[Zope] browsable parent directories
Stephan Goeldi
stephan.goeldi@datacomm.ch
Fri, 06 Oct 2000 08:15:26 GMT
I successfully installed and used SiteAccess on my Zope 2.2.0.
There is a directory /www on my server, where subdirectories are stored.
Customer domains point to those subdirectories:
/www/domain1
/www/domain2
etc. in domain1 and domain2 are the acl_user folders with manager permission
for the customer. And there are the SiteRoot methods as
Title = www.domain1.com
Base = http://www.domain1.com
Path = /
When the customer accesses the manage screen, in the left frame everything
is correct displayed (as www.domain1.com/). In the right folder it isn't. On
the top of the right frame is the current path displayed as:
/toplevel/www/domain1
The customer can browse to /toplevel/www and look who else is on this
server. This is bad security IMHO.
Is there a workaround for this?
I downloaded SiteAccess 2, because I didn't know which version I installed
some weeks ago. There was no 'Product' directory in my Zope root. So I
created the directory and untarred SiteAccess2. I don't know how to delete
SiteAccess 1.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.