SecureZEO rehash, was Re: [ZODB-Dev] ZEO signal feature

Tim Hoffman timhoffman@cams.wa.gov.au
24 Sep 2002 08:56:18 +0800


Hi

I have been doing IP based access control with ZEO for quite some time
now, where whether a ZEO client can connect and whether it can
read/write or read only is specified on the ZSS. I am currently 
running it on several production sites, one of which has been 
running for getting on towards a year now with this code.

I have posted several times but never garnered any interest in it.
http://www.zope.org/Members/smog/index_html

I have not yet looked at porting it to Zeo 2.

Rgds

Tim


On Tue, 2002-09-24 at 03:01, Christian Reis wrote:
> On Mon, Sep 23, 2002 at 12:26:45PM -0400, Jeremy Hylton wrote:
> > >>>>> "CR" == Christian Reis <kiko@async.com.br> writes:
> > 
> >   CR> On Mon, Sep 23, 2002 at 12:07:49PM -0400, Jeremy Hylton wrote:
> >   >> I'm trying to clear out the backlog of ZEO todo items in hopes of
> >   >> getting another beta release out soon.  I'd like to accommodate
> >   >> the use cases that lead to the signal code, but I wonder if we
> >   >> could consider some other alternatives.
> > 
> >   CR> We have been working on a SecureZEO class this week that
> >   CR> subclasses ClientStorage and the basic Storage. We're trying to
> >   CR> get a solution that doesn't avoid changing ZEO, but we might
> >   CR> need to. Can we send patches your way for review, to check if it
> >   CR> is acceptable for integration?
> > 
> > Yes.  Happy to look at patches, or to review design plans before they
> > get to the patch stage.
> 
> Do we have plans for SecureZEO outlined somewhere? There are some
> references to http://www.zope.org/Wikis/ZODB/ZEO2 but nothing very
> solid. 
> 
> There *is* a comment by someone famous that says:
> 
>     * There's been a fairly lengthy discussion of this issue
>       on the zodb-dev mailing list. The short answer is the untrusted
>       clients can't use the ZEO protocol because it gives them access to
>       object pickles. Instead, you'd need something like a trusted ORB
>       that served objects to untrusted clients via RPC. --jeremy
> 
> Our mechanism allows very simple access control, and removes the need
> for an ORB for this specific case. 
> 
> There is also a reference to doing client IP access control, which is
> nice but can be implemented using a firewall, so it isn't top-priority
> for us.  Anyway, the auth() hook is flexible enough for it to be
> implemented easily, as would Zope security, I suppose.
> 
> Take care,
> --
> Christian Reis, Senior Engineer, Async Open Source, Brazil.
> http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL
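
The server-side scheme described in this message (connection allowed or not, and read/write versus read only, decided per client IP) can be sketched as follows. This is an added example, not Tim Hoffman's code or anything from ZEO: the policy table, the function names `access_level` and `authorize`, and the grouping of operations are assumptions, with operation names modelled on ZODB storage methods.

```python
import ipaddress

# Constructed policy table: network -> access level ("rw" or "ro").
# Addresses are private/documentation ranges chosen for the example.
POLICY = {
    "10.0.0.0/8": "ro",
    "10.1.2.0/24": "rw",
    "192.0.2.10/32": "rw",
}

# Assumed grouping of storage operations; anything in neither set is refused.
WRITE_OPS = {"store", "tpc_begin", "tpc_vote", "tpc_finish", "undo", "pack"}
READ_OPS = {"load", "history", "lastTransaction"}


def access_level(client_ip, policy=POLICY):
    """Return "rw", "ro" or None (deny), using the most specific matching network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return None  # unparseable peer address: deny
    best = None
    for cidr, level in policy.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, level)
    return best[1] if best else None


def authorize(client_ip, operation, policy=POLICY):
    """Decide on the server whether this peer may run this operation."""
    level = access_level(client_ip, policy)
    if level is None:
        return False              # peer not listed: refuse the connection
    if operation in READ_OPS:
        return True               # "ro" and "rw" clients may both read
    if operation in WRITE_OPS:
        return level == "rw"      # only read/write clients may modify data
    return False                  # unknown operation: default deny
```

A client granted "ro" here still receives object pickles on `load`, which is the exposure the quoted comment about untrusted clients refers to.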