[ZODB-Dev] RFC: Proposal for AuthZEO (was SecureZEO one day)
Toby Dickenson
tdickenson@geminidataloggers.com
Thu, 16 Jan 2003 11:40:24 +0000
On Wednesday 15 January 2003 9:35 pm, Christian Reis wrote:
> Three new classes are introduced: AuthStorageServer, AuthZEOStorage
> and AuthClientStorage. These classes inherit from StorageServer,
> ZEOStorage and ClientStorage respectively.
Why not put the new functions into StorageServer, ZEOStorage and
ClientStorage?
> 4. Protocol
The protocol authenticates clients to the server. Is there value in making this
symmetric, so that clients know they are talking to an authentic server?
> but it seems the sha and md5
md5 isn't really wide enough for this. It would probably be sufficient, but
there is no reason to avoid sha.
> (i.e. what artifacts pickle and a python dictionary might
> present upon digest).
Can we rely on pickle.dumps always producing the same output bytes across
Python versions? I'm not sure what would be more predictable yet equally
easy... repr?
> The simpler alternative is storing a text file with a
> username:password mapping. This requires being on the server to
> manipulate data unless a specialized interface and protocol is
> developed for this.
+1 for using a plain file
> 5. Notes and Issues (RFC)
Where will it get the random challenge from?
-- 
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson