[Zope] acquisition and security
Sune Brøndum Wøller
sune at syntetisk.dk
Wed Nov 19 09:54:30 EST 2003
> -----Original Message-----
> From: zope-bounces at zope.org [mailto:zope-bounces at zope.org]On Behalf Of
> Dylan Reinhardt
> Sent: 19. november 2003 04:35
> To: Jamie Heilman
> Cc: Zope Users
> Subject: Re: [Zope] acquisition and security
>
>
> On Tue, 2003-11-18 at 18:41, Jamie Heilman wrote:
> > Paul Howell wrote:
> > > I have several sites running next to each other, each in its own folder,
> >
> > The easy answer is, "don't do that." If you want data integrity
> > between virtualhosts, don't store them in the same zope instances.
>
> That is the best available answer I'm aware of if security matters and
> you're hosting multiple sites with anonymous access.
>
> But if it doesn't have to be really tight and you prefer the simplicity
> of VHM mappings, a trick you could use is to salt each virtual root with
> error-returning methods that have the same name as your other roots.
>
> site_roots/
>     foo/
>         boo
>         moo
>     boo/
>         foo
>         moo
>     moo/
>         foo
>         boo
>
> This isn't bulletproof or anything, but it may be good enough to prevent
> accidents and discourage experimentation. Appropriateness depends on
> your requirements.
>
>
> HTH,
>
> Dylan
>
>
Hi all,
sorry, but this is the most silly thing I have seen so far!
(and a bit annoying.....)
That a folder acquires its sibling folders' complete tree.
I have several cmf-sites in the root of a zope-instance, which is
hosted not by myself. I can actually write for instance
www.dom1.com/dom2siterootfolder/dom2content and get content from
site dom2.com shown in dom1.com
No other way to stop aq. from its megalomania?
(it's not a security issue, since the stuff has to be public, but it's silly,
and dangerous, inviting stupid things to happen.)
greetings,
Sune
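
The sibling acquisition and the salting trick discussed in this thread, as an added example that is not part of the original messages and not Zope's own code: a simplified Python model of acquisition during URL traversal. `Folder`, `Blocker`, `acquire`, `traverse`, `salt_roots` and the constructed sample sites are all hypothetical names.

```python
# Simplified model of acquisition during URL traversal (not Zope's own code).

class NotFound(Exception):
    pass

class Blocker:
    """Stand-in for an error-returning method used to salt a virtual root."""

class Folder:
    def __init__(self, parent=None):
        self.parent = parent
        self.items = {}

    def add_folder(self, name):
        self.items[name] = Folder(parent=self)
        return self.items[name]

def acquire(context, name):
    """Look in the folder itself, then walk up the containment chain."""
    node = context
    while node is not None:
        if name in node.items:
            return node.items[name]
        node = node.parent
    raise NotFound(name)

def traverse(vroot, path):
    """Resolve a URL path starting at the virtual host's root folder."""
    obj = vroot
    for step in filter(None, path.split("/")):
        if not isinstance(obj, Folder):
            raise NotFound(path)
        obj = acquire(obj, step)
        if isinstance(obj, Blocker):
            raise NotFound(path)  # the salted name shadows the sibling root
    return obj

def salt_roots(site_roots):
    """Place a Blocker in each root for every sibling root's name."""
    for name, root in site_roots.items.items():
        for sibling in site_roots.items:
            if sibling != name:
                root.items.setdefault(sibling, Blocker())

def build_sites():
    """Constructed sample: three sibling roots, one page each."""
    site_roots = Folder()
    for name in ("foo", "boo", "moo"):
        site_roots.add_folder(name).items["index_html"] = name + " home page"
    return site_roots
```

In this model a root added after salting stays reachable through its siblings until `salt_roots` is run again.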