[ZODB-Dev] ZEO and Security
Steve Waterbury
waterbug@epims1.gsfc.nasa.gov
Mon, 07 May 2001 16:06:11 -0400
Andrew Kuchling wrote:
> I'm doubtful that it can be made convincingly secure, though, because
> there's no obvious small core of code to be audited. ...
>
> Somewhere Bruce Schneier wrote about partial security being worse than
> no security, because it encourages doing riskier things, making the
> damage from a breach more serious when one does happen. If you
> document the ZODB and ZEO as being unsafe, then people will simply
> have to design their systems in a way that protects the ZODB from
> being exposed to the outside world.
I agree with Andrew. The "security" constraints that are built in
to DBMS's are not up to modern security requirements
for direct access from the net .... I think applications that
need real security will need to depend on a channel or wrapper
technology that is widely used and frequently scrutinized by
security experts, the way ssh and tcp wrappers are.
-- Steve.
oo _\o
\/\ \
/
____________________________________________ oo _________________
"Sometimes you're the windshield; sometimes you're the bug."
- Knopfler
Stephen C. Waterbury Component Technologies
Code 562, NASA/GSFC and Radiation Effects Branch
Greenbelt, MD 20771 Engineering Web/Database Specialist
Tel: 301-286-7557 FAX: 301-286-1695
WWW: http://misspiggy.gsfc.nasa.gov/people/waterbug.html
_________________________________________________________________