[ZODB-Dev] ZEO and Security

Michel Pelletier michel@digicool.com
Mon, 7 May 2001 12:48:02 -0700 (PDT)


On 7 May 2001, Bill Anderson wrote:

> On 07 May 2001 11:06:20 -0700, Michel Pelletier wrote:

> > Security is outside the domain of the database.  ZODB does not know
> 
> Since when??
> 
> Pretty much all RDMS servers I've used have a security mechanism.

I should have been more clear; as Jeremy pointed out, obviously access to
the database itself should be constrained.

> > If you want security like the Zope application enforces, then you need to
> > either duplicate that security in your app (ugh) or just use Zope as the
> > ZEO client.  Zope's interfaces are now HTML, but there's no reason why
> > they could not be some GUI framework.  It sounds like what you are writing
> > is more of a "ZODB-browser".  Probably an easier task yes, but not as
> > useful.
> 
> Exactly, I don't want to go through and duplicate the Zope security
> machinery, and the full extent of it is not even necessary. It seems
> anathema to the OS mantra of code reuse. Why should everyone reimplement
> database security for each app?

Because different applications have different requirements.

> All we really need for basic security
> (again, which is all that is being asked), is a hook, such that db
> access goes through before being allowed to operate.

I was under the impression that you were looking for object-level access
controls, which is what Zope implements in its security
machinery.  Implementing something similar in ZEO is possible, but as
Jeremy also pointed out, a big project.

-Michel