[ZODB-Dev] ZEO and Security

Jim Fulton jim@digicool.com
Tue, 08 May 2001 05:57:37 -0400


Jeremy Hylton wrote:
> 
> The protocol for connecting isn't really the issue.  We could probably
> get TLS/SSL with client-side certificates hooked up without too much
> trouble (except for the clients that need the certificates <0.5 wink>
> .)  But what happens then?  The authentication problem isn't that
> hard, but the authorization is.  The security system would need to
> provide mechanism for specifying who has access to what, e.g. client X
> can load object 12.

Exactly.

> I'm not sure if storage-level security is sufficient or not, because
> loading an object gets you access to all of its state.

Only if you have read access.

>  A buggy or
> malicious client could modify the state of an object in a way that
> violates some expected invariant,

Only if it has write access. 

> leading to errors and security
> breaches down the road.

I think you could only go so far. You would effectively 
need to not give write access for an object to a client
that you didn't trust. You might give less trusted clients
write access to less important objects .....

It's worth noting that RDBMS systems have essentially
the same sort of problem. While they do provide integrity
constraints, I don't think that these are powerful enough,
or routinely applied in a way to maintain consistency in the
presence of badly broken or malicious clients. Further, the
granularity of security is pretty low. I have never seen an RDBMS
that provided row-level authorization. Has anyone else?


Jim

--
Jim Fulton           mailto:jim@digicool.com   Python Powered!        
Technical Director   (888) 344-4332            http://www.python.org  
Digital Creations    http://www.digicool.com   http://www.zope.org
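As an added illustration of the storage-level model the thread is arguing about (this is example code written for this page, not ZEO or ZODB code, and the names ACL, AuthorizingStorage, Unauthorized and demo are assumptions): a wrapper around a trivial dict-backed storage that checks, per object id, whether an already-authenticated client may load or store it, defaulting to deny. It also lets the storage attach an invariant to an object so that a writer with a bug cannot persist a state that breaks it, which is the "integrity constraint" role Jim notes RDBMSs only partly fill.

```python
"""Example (not ZEO/ZODB code): per-object read/write authorization at the
storage layer.  The client name is assumed to come from the transport
(e.g. a TLS client certificate); this wrapper only decides, per oid,
whether that client may load or store, and refuses stores that break a
registered invariant.  All class and function names are assumptions."""

from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Set


class Unauthorized(Exception):
    """Raised when a client lacks the required permission on an oid."""


@dataclass
class ACL:
    """Per-object access rules: oid -> set of clients allowed to read / write.
    Anything not explicitly granted is denied."""
    readers: Dict[int, Set[str]] = field(default_factory=dict)
    writers: Dict[int, Set[str]] = field(default_factory=dict)

    def grant(self, client: str, oid: int, *, read: bool = False, write: bool = False) -> None:
        if read:
            self.readers.setdefault(oid, set()).add(client)
        if write:
            self.writers.setdefault(oid, set()).add(client)

    def can_read(self, client: str, oid: int) -> bool:
        return client in self.readers.get(oid, ())

    def can_write(self, client: str, oid: int) -> bool:
        return client in self.writers.get(oid, ())


class AuthorizingStorage:
    """Dict-backed stand-in for a storage; every load/store is checked.

    `invariants` maps oid -> predicate over the proposed new state.  A store
    that fails the predicate is refused even for an authorized writer, which
    bounds the damage a buggy or malicious client with write access can do.
    Denied operations are recorded in `audit` so an operator can see them."""

    def __init__(self, acl: ACL, invariants: Dict[int, Callable[[Any], bool]] = None):
        self._acl = acl
        self._data: Dict[int, Any] = {}
        self._invariants = invariants or {}
        self.audit = []  # (client, operation, oid) for each refusal

    def load(self, client: str, oid: int) -> Any:
        if not self._acl.can_read(client, oid):
            self.audit.append((client, "load", oid))
            raise Unauthorized(f"{client} may not load object {oid}")
        return self._data[oid]

    def store(self, client: str, oid: int, state: Any) -> None:
        if not self._acl.can_write(client, oid):
            self.audit.append((client, "store", oid))
            raise Unauthorized(f"{client} may not store object {oid}")
        check = self._invariants.get(oid)
        if check is not None and not check(state):
            self.audit.append((client, "invariant", oid))
            raise ValueError(f"store of object {oid} by {client} violates invariant")
        self._data[oid] = state


def demo() -> Dict[str, Any]:
    """Constructed scenario: client_x owns object 12, client_y may only read it,
    client_z has no grant at all; object 12 must keep a non-negative balance."""
    acl = ACL()
    acl.grant("client_x", 12, read=True, write=True)
    acl.grant("client_y", 12, read=True)
    storage = AuthorizingStorage(acl, invariants={12: lambda s: s["balance"] >= 0})
    storage.store("client_x", 12, {"balance": 100})

    results: Dict[str, Any] = {}
    results["y_reads"] = storage.load("client_y", 12)["balance"]
    try:
        storage.store("client_y", 12, {"balance": 0})      # reader, not writer
    except Unauthorized:
        results["y_write_denied"] = True
    try:
        storage.store("client_x", 12, {"balance": -5})     # writer, but breaks invariant
    except ValueError:
        results["invariant_kept"] = True
    try:
        storage.load("client_z", 12)                       # no grant: default deny
    except Unauthorized:
        results["z_read_denied"] = True
    results["balance"] = storage.load("client_x", 12)["balance"]
    results["denials"] = len(storage.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the example is the split Jim draws: a read grant exposes all of an object's state, so it is the read ACL that decides confidentiality, while a write grant is what lets a client corrupt an object, so write grants go only to trusted clients and are backed by an invariant check for the objects that matter.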