[ZODB-Dev] Secure ZODB/ZEO channel

[Monty Taylor]

Ken Manheimer <klm@digicool.com> writes:

> A couple of days ago, someone mentioned that an SSH tunnel (or stunnel, or
> whatever) is insufficient for a secure ZEO channel - i want to mention (a
> bit belatedly) that something like xinetd or tcpwrappers would mitigate
> the objections. Those objections were that people who could access to the
> TCP/IP port could circumvent the SSH tunnel - things like xinetd and
> tcpwrappers provide well tested, pretty comprehensive means of regulating
> that access.

That they do.
 
> There's one other thing to consider here, as well.  ZEO can be run to talk
> via a unix-domain socket (via the '-U' option - see the ZEO start.py
> script).  This seems to me to offer a nice, generic access path against
> which to build a secure mediator of some sort.

Right on. 
 
> In general, i would question going down the avenue of building an RPC
> mechanism for the purpose of implementing security around ZODB access.  
> My sense is that it's a big job - perhaps the most substantial thing that
> Zope does on top of the ZODB.  My thought is that if you're just looking
> for a security layer, you might consider Zope.  It's not a small task.

I wholeheartedly agree. 

> If, on the other hand, you're looking for a persistent DB for your own a
> networked object system (or you really want to build a networked object
> system), then go to town...
> 
> I may be (mis)stating the obvious.

Perhaps, but I don't think so. That's about what I was attempting to
say a few days ago, but I think I rambled on a bit too long.  I think
you've hit the nail on the head much more succinctly.

Monty