[Zope] security

Jason Byron jason_zope@yahoo.com
Fri, 15 Jun 2001 00:10:49 -0700 (PDT)


I get: 

HTTP/1.0 404 Object Not Found


p.s. try not to send html to the list


--- barry haycock <bhaycock@hotmail.com> wrote:
<HR>
<html><DIV>Can anyone help me with this security issue regarding
ZOPE</DIV>
<DIV>&nbsp;</DIV>
<DIV>If you go to <A
href="http://www.yoursite.com/manage_workspace">www.yoursite.com/manage_workspace</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>you can access the manage screens of zope</DIV>
<DIV>&nbsp;</DIV>
<DIV>THIS IS NOT GOOD</DIV>
<DIV>&nbsp;</DIV>
<DIV>how can you overcome this</DIV>
<DIV>&nbsp;</DIV>
<DIV>I am using solaris v8 with apache as the web server talking
to another solaris box with zope 2-3-0</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have just found a way to edit the source code so that it
emails me with the user name and password&nbsp;whenever the next
person logs in.&nbsp; I can also edit any source code within the
site.</DIV>
<DIV>&nbsp;</DIV>
<DIV>REQUIRE QUICK RESPONSE</DIV><br clear=all><hr>Get Your
Private, Free E-mail from MSN Hotmail at <a
href="http://www.hotmail.com">http://www.hotmail.com</a>.<br></p></html>

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )


__________________________________________________
Do You Yahoo!?
Spot the hottest trends in music, movies, and more.
http://buzz.yahoo.com/