[ZODB-Dev] ZEO client-server security
Christian Robottom Reis
kiko@async.com.br
Thu, 24 May 2001 21:27:42 -0300 (BRT)
On Thu, 24 May 2001, Jeremy Hylton wrote:
> The problem is that ZEO deals with object representations. If you give
> a client read access to an object, it gets the entire object. If it
> can write an object, it can send you an arbitrary object. There's no
> mechanism to enforce an object's interface, limit access to certain
> methods, etc. It's all or nothing.
Yes, certainly; with CORBA you can just check permissions for each call
the client makes and validate it. It works because we marshal Object
references, and not the objects themselves (though copy-by-value is
included in the spec, I've never used it -- or abstract interfaces
-- myself).
You are also expected to interact with Factory objects which can also
provide coarser-grained access control. So you can actually access limit
by object class (as in managed by a Factory). ZEO today offers no such
thing; apart from anyone with a clientstorage and knowing an IP and port
for the ZEOd being able to connect to it, they can also pull any object
and, if read-write access is given, write any object.
I'm not sure if ZEO's current model can be changed to enforce a more
complete security scheme, either.
Take care,
--
/\/\ Christian Reis, Senior Engineer, Async Open Source, Brazil
~\/~ http://async.com.br/~kiko/ | [+55 16] 274 4311
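
The contrast discussed in this message, as an added example that is not part of the original post and uses neither the ZEO nor the CORBA API: a toy server that hands out references and checks each call against an ACL keyed by principal, class and method, beside a toy server that ships whole object state. All class, method and identifier names are hypothetical and the sample data is constructed.

```python
class Account:
    """Constructed sample object; pin is the field a reader should not see."""
    def __init__(self, owner, balance, pin):
        self.owner, self.balance, self.pin = owner, balance, pin
    def get_balance(self):
        return self.balance
    def set_balance(self, value):
        self.balance = value

class ReferenceServer:
    """Reference model: the object stays on the server, each call is checked."""
    def __init__(self, acl):
        self._objects = {}
        self._acl = acl  # set of (principal, class name, method) tuples
    def register(self, ref, obj):
        self._objects[ref] = obj
    def invoke(self, principal, ref, method, *args):
        obj = self._objects[ref]
        if (principal, type(obj).__name__, method) not in self._acl:
            raise PermissionError(f"{principal} may not call {method}")
        return getattr(obj, method)(*args)

class StateServer:
    """State model: clients load and store whole object representations."""
    def __init__(self):
        self._records = {}
    def load(self, oid):
        return dict(self._records[oid])  # every attribute leaves the server
    def store(self, oid, state):
        self._records[oid] = dict(state)  # no class or interface is enforced

def demo():
    acct = Account("alice", 100, "4321")  # constructed sample data
    refs = ReferenceServer({("bob", "Account", "get_balance")})
    refs.register("ref-1", acct)
    states = StateServer()
    states.store("oid-1", vars(acct))
    out = {"ref_read": refs.invoke("bob", "ref-1", "get_balance")}
    try:
        refs.invoke("bob", "ref-1", "set_balance", 0)
        out["ref_write"] = "allowed"
    except PermissionError:
        out["ref_write"] = "denied"
    out["state_read"] = sorted(states.load("oid-1"))
    states.store("oid-1", {"anything": "at all"})
    out["state_after_write"] = states.load("oid-1")
    return out

if __name__ == "__main__":
    print(demo())
```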