[ZODB-Dev] ZEO client-server security

John D. Heintz jheintz@isogen.com
Sat, 26 May 2001 13:36:35 -0500


This is precisely where we are headed with ZODBCorbaFramework on my projects.

It basically wraps a ZODB Connection as a CORBA session of object references.
This requires security to still be handled on the server side, but at least
there is a clear place to handle it.

Search www.zope.org for ZODBCorbaFramework to see the original packaging of
what we've done.  Since then we've made significant improvements but also
lost some clear framework-application code separation.

I'm happy with how we are using omniORBpy 1.3 now and just need to refactor
to get everything where it belongs and then I can put up a new version.

John

On Thursday 24 May 2001 19:19, Jeremy Hylton wrote:
> >>>>> "CW" == Chris Withers <chrisw@nipltd.com> writes:
>
>   CW> The problem with ZEO in this context, as I understand it, is
>   CW> that you have to trust anyone with a ZEO client that can connect
>   CW> to your server completely as security would have to be
>   CW> implemented as part of the client, which could obviously be
>   CW> tampered with.
>
>   CW> Have I got that right?
>
> I think so.
>
> The problem is that ZEO deals with object representations.  If you give
> a client read access to an object, it gets the entire object.  If it
> can write an object, it can send you an arbitrary object.  There's no
> mechanism to enforce an object's interface, limit access to certain
> methods, etc.  It's all or nothing.
>
> That's why a distributed object system might make sense.  The server
> uses persistence to manage objects that are served to clients.  The
> clients just get a stub that can be used to invoke methods on the
> object stored at the server.
>
> Jeremy
>
>
>
> _______________________________________________
> For more information about ZODB, see the ZODB Wiki:
> http://www.zope.org/Wikis/ZODB/
>
> ZODB-Dev mailing list  -  ZODB-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zodb-dev

-- 
. . . . . . . . . . . . . . . . . . . . . . . .

John D. Heintz | Senior Engineer

1016 La Posada Dr. | Suite 240 | Austin TX 78752
T 512.633.1198 | jheintz@isogen.com

w w w . d a t a c h a n n e l . c o m
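The two designs contrasted in this thread (a ZEO-style server that ships whole object representations to clients, versus a server that keeps the objects and hands clients a stub whose method calls are checked server side) can be shown side by side in plain Python. The block below is an added illustration, not code from ZODB, ZEO, ZODBCorbaFramework or omniORBpy: it uses pickle as a stand-in for object representations crossing the wire, and a per-role method allowlist as a stand-in for whatever policy a real server would enforce. The Account class, the role names and the sample data are constructed for the example.

```python
"""Added example: whole-object transfer versus server-mediated stubs.

Hypothetical stand-ins for the designs discussed in the thread; nothing
here is ZODB/ZEO/CORBA code.
"""
import pickle


class Account:
    """Persistent-style object held by the server (constructed sample)."""

    def __init__(self, owner, balance, secret_note):
        self.owner = owner
        self.balance = balance
        self.secret_note = secret_note  # should never reach an ordinary client

    def balance_for(self):
        return self.balance

    def deposit(self, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.balance += amount
        return self.balance


# --- Style 1: object representations cross the wire (the ZEO situation) ---

class RepresentationServer:
    """Hands out and accepts whole pickled objects; it cannot enforce an interface."""

    def __init__(self):
        self.store = {}

    def load(self, oid):
        return pickle.dumps(self.store[oid])  # entire state, secret_note included

    def store_object(self, oid, blob):
        # The server must unpickle whatever the client sent.  Nothing checks the
        # type or the interface, so any object is accepted (and unpickling
        # untrusted data is itself unsafe in real Python pickle).
        self.store[oid] = pickle.loads(blob)


def client_view_of(blob):
    """What a client holding a read copy can inspect: every attribute."""
    return dict(vars(pickle.loads(blob)))


# --- Style 2: server keeps the object; clients hold a stub and invoke methods ---

class ObjectServer:
    """Objects never leave; every call is checked against a per-role allowlist."""

    ALLOWED = {
        "viewer": {"balance_for"},
        "teller": {"balance_for", "deposit"},
    }

    def __init__(self):
        self.store = {}

    def invoke(self, role, oid, method, args):
        if method not in self.ALLOWED.get(role, set()):
            raise PermissionError(f"{role} may not call {method}")
        return getattr(self.store[oid], method)(*args)


class Stub:
    """Client-side handle: attribute access becomes a remote method invocation."""

    def __init__(self, server, role, oid):
        self._server, self._role, self._oid = server, role, oid

    def __getattr__(self, name):
        return lambda *args: self._server.invoke(self._role, self._oid, name, args)


def demo():
    """Run both styles over the same sample account; return what each client could do."""
    results = {}

    rep = RepresentationServer()
    rep.store["acct1"] = Account("alice", 100, "PIN hint: birthday")
    results["rep_client_sees"] = client_view_of(rep.load("acct1"))
    # A writing client can replace the Account with something else entirely.
    rep.store_object("acct1", pickle.dumps({"not": "an Account"}))
    results["rep_after_write"] = type(rep.store["acct1"]).__name__

    srv = ObjectServer()
    srv.store["acct1"] = Account("alice", 100, "PIN hint: birthday")
    viewer = Stub(srv, "viewer", "acct1")
    results["viewer_balance"] = viewer.balance_for()
    try:
        viewer.deposit(50)
        results["viewer_deposit"] = "allowed"
    except PermissionError:
        results["viewer_deposit"] = "denied"
    try:
        viewer.secret_note()  # not a method, and not on the allowlist either
        results["viewer_secret"] = "leaked"
    except PermissionError:
        results["viewer_secret"] = "denied"
    teller = Stub(srv, "teller", "acct1")
    results["teller_deposit"] = teller.deposit(50)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point the example makes is the one Jeremy states: once the representation leaves the server, the server has no say in what the client reads or writes back, so any access control placed in the client is only as trustworthy as the client. With the stub, the decision point is the server's invoke method, which is the "clear place to handle it" John describes.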