plone / plone.resource

publishes directories of static files via the ZPublisher

security hardening: we don't want the anonymous user to look at our fs #4

Closed giacomos closed 10 years ago

giacomos commented 10 years ago

With the current implementation of the repr of a FilesystemResourceDirectory, an anonymous user can view the server's filesystem. That's not something we want.

jensens commented 10 years ago

Please add an entry in the changelog.

jensens commented 10 years ago

@giacomos what's the state here?