SecureZEO rehash, was Re: [ZODB-Dev] ZEO signal feature

Christian Reis kiko@async.com.br
Tue, 24 Sep 2002 17:06:52 -0300


On Tue, Sep 24, 2002 at 09:20:26AM +0800, Tim Hoffman wrote:
> Our main use has been to have a read only server in a DMZ which is
> accessible publicly and a read/write server in the trusted network.

Are the users on one site and the other distinct? Or is access not split
by user, but from originating IP? I see your need there.

> I suppose one of the things with my approach was to control what
> zeo transactions could be conducted by each zeo client, and that would
> I think be a reasonable approach if some form of authentication for the
> session was introduced.

I never encountered a need for R/W access control, but it's a
possibility, I guess.

> I suppose I posted this, to show that on the whole, the community
> obviously isn't ;-) but it was topical given your discussion on zeo.

I think it would be great if we at least had an authorization hook in
ZEO so we could add custom authorization functions as desired. This
could be done by subclassing or by passing in a ZEOAuthentication
instance, that had a standard interface. Both options are nice, I'm just
not sure which is more appropriate.

> approach, it seems to work for me, but I am not a Zope internals
> architect, but as you say if there isn't any community need, then there
> is probably no point.

I guess if we standardize on an authentication hook and API, then custom
handlers would be easy to implement, which is the real point to this
thread I think :-)

Take care,
--
Christian Reis, Senior Engineer, Async Open Source, Brazil.
http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL
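
An added example, not part of the original message and not ZEO code: one way the authorization hook discussed above could look, using the "pass in an instance with a standard interface" option and the read-only DMZ / read-write trusted network split as the policy. Every class name, the operation sets and the addresses are hypothetical; the operation names are modelled on ZODB storage method names.

```python
import ipaddress

# Hypothetical names throughout; none of this is ZEO's actual API.
READ_OPS = frozenset({"load"})
WRITE_OPS = frozenset({"store", "tpc_begin", "tpc_vote", "tpc_finish", "undo", "pack"})

class Unauthorized(Exception):
    pass

class Authorizer:
    """Standard interface: decide whether a client may run an operation."""
    def authorize(self, client_addr, op):
        raise NotImplementedError

class NetworkAuthorizer(Authorizer):
    """Read/write from trusted networks, read-only from everywhere else."""
    def __init__(self, trusted_networks):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_networks]

    def authorize(self, client_addr, op):
        if op in READ_OPS:
            return True
        if op not in WRITE_OPS:
            return False  # fail closed on operations the policy does not know
        ip = ipaddress.ip_address(client_addr)
        return any(ip in net for net in self.trusted)

class GuardedDispatcher:
    """Stand-in for the server's request dispatch; the hook runs before any handler."""
    def __init__(self, handlers, authorizer):
        self.handlers = handlers
        self.authorizer = authorizer

    def dispatch(self, client_addr, op, *args):
        if not self.authorizer.authorize(client_addr, op):
            raise Unauthorized("%s denied for %s" % (op, client_addr))
        return self.handlers[op](*args)

def demo():
    data = {}  # constructed in-memory "storage" for the demonstration
    handlers = {"load": data.get, "store": data.__setitem__}
    srv = GuardedDispatcher(handlers, NetworkAuthorizer(["10.0.0.0/8"]))
    srv.dispatch("10.1.2.3", "store", "oid1", b"v1")       # trusted client: write allowed
    results = [srv.dispatch("192.0.2.7", "load", "oid1")]  # DMZ client: read allowed
    try:
        srv.dispatch("192.0.2.7", "store", "oid1", b"v2")  # DMZ client: write refused
    except Unauthorized:
        results.append("denied")
    results.append(data["oid1"])                           # stored value is unchanged
    return results
```

A subclass of `Authorizer` that checks session credentials instead of the peer address would plug into the same `dispatch` call, which is the point of fixing the interface first.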