[ZODB-Dev] ZEO and Security

Michel Pelletier michel@digicool.com
Mon, 7 May 2001 11:06:20 -0700 (PDT)


On 7 May 2001, Bill Anderson wrote:

> On 07 May 2001 10:09:34 -0400, Chris McDonough wrote:
> > Ssh tunnelling is an effective workaround for now.
> 
> Not really, as that just encrypts the traffic from the client. It does
> nothing to prevent, say, Bob from doing things he should do, such as
> messing around with Joe's data.

Security is outside the domain of the database.  ZODB does not know
anything about Bob or Joe or any other object for that matter, and it
would be a pain to try and teach it (and probably a bad idea in
general) application level constraints like security.

If you want security like the Zope application enforces, then you need to
either duplicate that security in your app (ugh) or just use Zope as the
ZEO client.  Zope's interfaces are now HTML, but there's no reason why
they could not be some GUI framework.  It sounds like what you are writing
is more of a "ZODB-browser".  Probably an easier task, yes, but not as
useful.

-Michel