[ZODB-Dev] ZEO client-server security

[Jeremy Hylton]

>>>>> "CW" == Chris Withers <chrisw@nipltd.com> writes:

  CW> The problem with ZEO in this context, as I understand it, is
  CW> that you have to trust anyone with a ZEO client that can connect
  CW> to your server completely as security would have to be
  CW> implemented as part of the client, which could obviously be
  CW> tampered with.

  CW> Have I got that right?

I think so.

The problem is that ZEO deal with object representations.  If you give
a client read access to an object, it gets the entire object.  If it
can write an object, it can send you an arbitrary object.  There's no
mechanism to enforce an object's interface, limit access to certain
methods, etc.  It's all or nothing.

That's why a distributed object system might make sense.  The server
uses persistence to manage objects that are served to clients.  The
clients just get a stub that can be used to invoke methods on the
object stored at the server.

Jeremy