[ZODB-Dev] ZEO signal feature

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 24 Sep 2002 08:16:23 +0100


On Monday 23 Sep 2002 7:30 pm, Christian Reis wrote:

> We have been working on something very simple for now - passing a
> username/password pair over RPC when initializing ClientStorage, and
> having the server authenticate that U/P and, if invalid, raise an
> authentication exception. The password is crypted to difficult things
> for evil packet sniffers, but proper protocol security is easily
> implemented by connecting to ZEO through stunnel.

I can see what advantage using crypt on the password is giving you here.

If using stunnel then you need to be able to trust that:
1. It is really stunnel, not an attacker, listening on the local stunnel port
2. It is really ZEO, not an attacker, listening on the remote port
3. Your operating systems, stunnel, and ZEO have not been compromised.

If not using stunnel, isn't your scheme vulnerable to replay attacks? Sure, an
attacker doesn't know what the password is. As long as he knows the crypted
password then he can still connect.

(or, I may be reading all the wrong details into your one sentence protocol
description. If so, I apologise)

I think either of two levels make sense:
a. Send plaintext username and password. At least it doesn't give a false sense
   of security.
b. Implement something like CHAP to avoid the replay attack.

> Has anyone worked on specifying this before?
>
> We're at the point where we need to specify a custom StorageServer to
> ServerStub to avoid having to do a hack like:
>
>     # Evil hack ahead
>     def auth (self, username, password):
>         self.rpc.call ('auth', username, password)
>     ServerStub.StorageServer.auth = auth
>
> auth() is called by the client in testConnection(), and the server
> checks during register() to see if auth was performed successfully; dies
> if not.
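Below is an added worked example, not code from this thread or from ZEO, contrasting the two levels Toby describes: a fixed crypted token that any observer who recorded it can resend, and a CHAP-style challenge/response in which the server issues a fresh random nonce per connection attempt and consumes it once. The names (USERS, ChapServer, chap_response, run_demo) and the sample credential are assumptions made for the demo; HMAC-SHA-256 stands in for whatever crypt variant the original scheme used.

```python
import hashlib
import hmac
import os

# Constructed credential table for the demo; a real server would load this
# from its configuration. The username and password are made up here.
USERS = {"alice": b"correct horse battery staple"}


# --- Scheme 1: the same "crypted" password sent with every connect ----------
def crypted(password: bytes) -> bytes:
    """Stand-in for crypt(): any deterministic one-way transform shows the
    replay problem, so SHA-256 is used here (not what the thread used)."""
    return hashlib.sha256(password).digest()


def static_verify(username: str, token: bytes) -> bool:
    """Server check for scheme 1: compare the token against crypt(password).
    The token is identical on every login, so a recorded copy is as good as
    the password itself."""
    secret = USERS.get(username)
    return secret is not None and hmac.compare_digest(crypted(secret), token)


# --- Scheme 2: CHAP-style challenge/response ---------------------------------
class ChapServer:
    """Issues an unpredictable challenge per connection attempt and keeps it
    only until the matching response arrives."""

    def __init__(self):
        self._pending = {}  # session id -> outstanding challenge

    def challenge(self, session: int) -> bytes:
        nonce = os.urandom(16)  # fresh, unguessable, never reused
        self._pending[session] = nonce
        return nonce

    def verify(self, session: int, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(session, None)  # single use, then discarded
        secret = USERS.get(username)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def chap_response(password: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the password without transmitting it."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


def run_demo() -> dict:
    """Play both schemes against a passive observer who records one login."""
    results = {}

    # Scheme 1: the recorded token is accepted again unchanged.
    token = crypted(USERS["alice"])  # what the client sends on the wire
    results["static_login"] = static_verify("alice", token)
    results["static_replay"] = static_verify("alice", token)

    # Scheme 2: the recorded response answers one challenge only.
    server = ChapServer()
    nonce1 = server.challenge(session=1)
    resp1 = chap_response(USERS["alice"], nonce1)
    results["chap_login"] = server.verify(1, "alice", resp1)

    # A later connection gets a different nonce, so the recorded response no
    # longer matches what the server expects.
    server.challenge(session=2)
    results["chap_replay"] = server.verify(2, "alice", resp1)

    # Resending into the original session also fails: its challenge was consumed.
    results["chap_reuse_session"] = server.verify(1, "alice", resp1)

    # A wrong password never passes, even with a valid fresh challenge.
    nonce3 = server.challenge(session=3)
    results["chap_wrong_password"] = server.verify(
        3, "alice", chap_response(b"guess", nonce3))
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:20s} accepted={accepted}")
```

Two caveats the thread implies but does not spell out: the challenge/response only proves identity at connect time, so the storage traffic itself is still unprotected without something like stunnel, and the server must hold the shared secret (or an equivalent derived value) to compute the expected response, so its credential store needs the same protection as the passwords would.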