[ZODB-Dev] Python RPC

Chris Withers chrisw@nipltd.com
Thu, 31 May 2001 08:49:58 +0100


> It's not just that they can be hacked, but that the basic
> client-server protocol deals in objects.  It's not so much clients
> being hacked that I worry about, but a program that uses the ZEO
> client-server protocol to gain unauthorized access to the database.

Well, that's the bit where ZEO _does_ need some security. IIRC, that's been
discussed a lot on this list, were any conclusions about how it should be
done reached?

> This sketch of an architecture looks reasonable.

Thanks :-)

> You'd want an
> authenticated connection between the endpoints with optional
> encryption.

Yup... if I need to implement the above architecture, I want to factor that
layer out so I can start off writing a simple version that others can then
override with more secure ones.

> The server would load objects using the ZEO connection
> and enforce some security policy.  The details of how to describe
> security policies and enforce them is, of course, the hard part.

Well, since I want this for an app which needs a Zope server, rather than
just a ZODB server, I get Zope's security policy for free. I think this is
pretty easy to implement with that assumption, but I may be proved wrong.
Of course, I'd try and factor out that section so other people could plug in
a connection to a plain ZODB server, or even something else :-)

> There's also a level of security that could be provided without quite
> so much hassle, although its utility may be marginal.  We could have
> a basic access control mechanism that would allow multiple parties to
> share a single storage.  Individual objects would be assigned
> permissions, along the lines of file permissions.  Some objects could
> be private, others read-only, etc.

Are you saying that in a non-Zope context, the ZODB could have a small layer
put above it that added a simple security mechanism? If so, I'd agree, if
not, then I'm missing something :-)

cheers,

Chris
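
The per-object access control idea discussed in this message (objects assigned file-permission-style modes, some private, some read-only, so several parties can share one storage) can be sketched as a thin layer above the store. This is an added example, not code from the thread or from ZODB/ZEO; `GuardedStore`, `Mode`, `Acl` and the dict standing in for a storage are hypothetical names, and it assumes the principal has already been authenticated by the connection layer.

```python
# Added example: hypothetical per-object permission layer over a shared store.
# A dict stands in for the storage; nothing here is ZODB or ZEO API.
from dataclasses import dataclass
from enum import Flag


class Mode(Flag):
    NONE = 0
    READ = 1
    WRITE = 2


@dataclass(frozen=True)
class Acl:
    owner: str
    owner_mode: Mode = Mode.READ | Mode.WRITE
    other_mode: Mode = Mode.NONE  # private unless the owner says otherwise


class AccessDenied(Exception):
    """Raised for forbidden and for unknown object ids alike."""


class GuardedStore:
    """Checks every load/store against the object's ACL before touching data."""

    def __init__(self):
        self._data = {}  # oid -> object state
        self._acl = {}   # oid -> Acl

    def _check(self, principal, oid, needed):
        acl = self._acl.get(oid)
        # Unknown oids get no rights, so they fail exactly like forbidden ones
        # and a caller cannot probe which object ids exist.
        if acl is None:
            granted = Mode.NONE
        else:
            granted = acl.owner_mode if principal == acl.owner else acl.other_mode
        if needed not in granted:
            raise AccessDenied(f"{principal} denied {needed.name} on {oid}")

    def create(self, principal, oid, state, other_mode=Mode.NONE):
        if oid in self._acl:
            raise AccessDenied(f"{principal} denied WRITE on {oid}")
        self._acl[oid] = Acl(owner=principal, other_mode=other_mode)
        self._data[oid] = state

    def load(self, principal, oid):
        self._check(principal, oid, Mode.READ)
        return self._data[oid]

    def store(self, principal, oid, state):
        self._check(principal, oid, Mode.WRITE)
        self._data[oid] = state
```

The check only means something if it runs on the server side of the connection; a client that can speak the storage protocol directly bypasses any layer that lives in the client.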