[ZODB-Dev] CHAP with ZEO

Michel Pelletier michel@digicool.com
Mon, 21 May 2001 20:55:26 -0700 (PDT)


On Mon, 21 May 2001, A.M. Kuchling wrote:

> On Mon, May 21, 2001 at 08:31:24PM -0600, Bill Anderson wrote:
> >IOW, "It's less than perfect, so we shouldn't do it" is a worse policy
> >than providing minimal capability. And that seems to be the policy I am
> >seeing here.
>
> True, and the Python community does tend to err too much toward
> perfection, but in this case it seems that using a more secure
> protocol wouldn't be too big a leap.  Heck, M2Crypto provides a fairly
> complete OpenSSL wrapper

I looked at that, at first thinking I could just use OpenSSL's TLS, but
the M2Crypto package is very young, it warns of memory errors,
requirements for odd version of SWIG, doesn't mention any TLS
documentation, etc.  It seemed a higher risk to me than just using your
MD5 hash algorithm and a simple, well understood challenge protocol to
provide simple authentication.

Of course ssl and tls are way more secure, but at the moment seem to
introduce some additional risk in the form of M2Crypto.

-Michel