SecureZEO rehash, was Re: [ZODB-Dev] ZEO signal feature

Tim Hoffman timhoffman@cams.wa.gov.au
24 Sep 2002 09:20:26 +0800 

Hi Guido

On Tue, 2002-09-24 at 09:08, Guido van Rossum wrote:
> > I have been doing IP based access control with ZEO for quite some time
> > now, where whether a ZEO client can connect and whether it can
> > read/write or read only is specified on the ZSS. I am currently 
> > running it on several production sites, one of which has been 
> > runing for getting on towards a year now with this code.
> > 
> > I have posted several times but never garnered any interest in it.
> > http://www.zope.org/Members/smog/index_html
> 
> I hope you realize that it's (apparently) rather easy to spoof IP
> addresses, so you're taking your chances here.
> 

Absolutely, I have always used it in conjunction with firewalls where I
control the route to the host(s), and can prevent spoofing at the
firewall.

Obviously someone could spoof on the trusted network, but I have got to
start trusting something ;-)

Our main use has been to have a read only server in a DMZ which is
accessible publicly and a read/write server in the trusted network.

I suppose one of things with my approach was to control what 
zeo transactions could be conducted by each zeo client, and that would
I think be a reasonable approach if some form of authentication for the
session was introduced.


> > I have not yet looked at porting it to Zeo 2.
> 
> Is the community interested in this?  Zope Corp would never recommend
> this to its customers, but that doesn't mean we can't add such an
> option to a ZEO distribution for people in the community who feel this
> need (with a big disclaimer).
> 

I suppose I posted this, to show that on the whole, the community
obviously isn't ;-) but it was topical given your discussion on zeo.

> IOW if you get to porting it to ZEO 2, please send us a patch.
> 

Yeah shall do, I obviously will have to do it soon. But one of the
things I always wanted was someone (hopefully with more knowledge and or
experience than me, which shouldn't be hard to find) to look at the
approach, it seems to work for me, but I am not a Zope internals
architect, but as you say if there isn't any community need, then there
is probably no point.

See ya

Tim

> --Guido van Rossum (home page: http://www.python.org/~guido/)