SecureZEO rehash, was Re: [ZODB-Dev] ZEO signal feature
Tim Hoffman
timhoffman@cams.wa.gov.au
24 Sep 2002 08:56:18 +0800
Hi
I have been doing IP based access control with ZEO for quite some time
now, where whether a ZEO client can connect and whether it can
read/write or read only is specified on the ZSS. I am currently
running it on several production sites, one of which has been
runing for getting on towards a year now with this code.
I have posted several times but never garnered any interest in it.
http://www.zope.org/Members/smog/index_html
I have not yet looked at porting it to Zeo 2.
Rgds
Tim
On Tue, 2002-09-24 at 03:01, Christian Reis wrote:
> On Mon, Sep 23, 2002 at 12:26:45PM -0400, Jeremy Hylton wrote:
> > >>>>> "CR" == Christian Reis <kiko@async.com.br> writes:
> >
> > CR> On Mon, Sep 23, 2002 at 12:07:49PM -0400, Jeremy Hylton wrote:
> > >> I'm trying to clear out the backlog of ZEO todo items in hopes of
> > >> getting another beta release out soon. I'd like to accommodate
> > >> the use cases that lead to the signal code, but I wonder if we
> > >> could consider some other alternatives.
> >
> > CR> We have been working on a SecureZEO class this week that
> > CR> subclasses ClientStorage and the basic Storage. We're trying to
> > CR> get a solution that doesn't avoid changing ZEO, but we might
> > CR> need to. Can we send patches your way for review, to check if it
> > CR> is acceptable for integration?
> >
> > Yes. Happy to look at patches, or to review design plans before they
> > get to the patch stage.
>
> Do we have plans for SecureZEO outlined somewhere? There are some
> references to http://www.zope.org/Wikis/ZODB/ZEO2 but nothing very
> solid.
>
> There *is* a comment by someone famous that says:
>
> * There's been a fairly length discussion of this issue
> on the zodb-dev mailing list. The short answer is the untrusted
> clients can't use the ZEO protocol because it gives them access to
> object pickles. Instead, you'd need something like a trusted ORB
> that served objects to untrusted clients via RPC. --jeremy
>
> Our mechanism allows very simple access control, and removes the need
> for an ORB for this specific case.
>
> There is also a reference to doing client IP access control, which is
> nice but can be implemented using a firewall, so it isn't top-priority
> for us. Anyway, the auth() hook is flexible enough for it to be
> implemented easily, as would Zope security, I suppose.
>
> Take care,
> --
> Christian Reis, Senior Engineer, Async Open Source, Brazil.
> http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL
>
> _______________________________________________
> For more information about ZODB, see the ZODB Wiki:
> http://www.zope.org/Wikis/ZODB/
>
> ZODB-Dev mailing list - ZODB-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zodb-dev