[ZODB-Dev] RFC: Proposal for AuthZEO (was SecureZEO one day)

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 16 Jan 2003 11:40:24 +0000


On Wednesday 15 January 2003 9:35 pm, Christian Reis wrote:

> Three new classes are introduced: AuthStorageServer, AuthZEOStorage
> and AuthClientStorage. These classes inherit from StorageServer,
> ZEOStorage and ClientStorage respectively.

Why not put the new functions into StorageServer, ZEOStorage and
ClientStorage?

> 4. Protocol

The protocol authenticates clients to the server. Is there value in making this
symmetric, so that clients know they are talking to an authentic server?

>        but it seems the sha and md5

md5 isn't really wide enough for this. It would probably be sufficient, but
there is no reason to avoid sha.

>        (i.e. what artifacts pickle and a python dictionary might
>        present upon digest).

Can we rely on pickle.dumps always producing the same output bytes across
python versions? I'm not sure what would be more predictable yet equally
easy... repr?


>     The simpler alternative is storing a text file with a
>     username:password mapping. This requires being on the server to
>     manipulate data unless a specialized interface and protocol is
>     developed for this.

+1 for using a plain file

> 5. Notes and Issues (RFC)

Where will it get the random challenge from?


--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
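As an added example (not code from this thread, ZEO or the AuthZEO proposal), here is a challenge-response exchange that covers the two points raised above: both sides prove knowledge of the password (symmetric), and the digested message is a canonical encoding rather than pickle output. It assumes a hypothetical `user:password` file format and uses HMAC-SHA256 in place of the bare sha digest the proposal mentions.

```python
import hashlib, hmac, json, secrets

# Constructed sample of the plain username:password file the thread favours.
PASSWD_FILE = "alice:correct horse\nbob:s3cret\n"

def load_passwd(text):
    # Parse 'user:password' lines (hypothetical file format) into a dict.
    return dict(line.partition(":")[::2] for line in text.splitlines() if line.strip())

def canonical(msg):
    # Sorted compact JSON is deterministic; pickle.dumps output can differ
    # between Python versions, so the two sides might digest different bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode("utf-8")

def mac(password, msg):
    # HMAC-SHA256 (a keyed MAC, chosen here instead of the proposal's bare sha digest).
    return hmac.new(password.encode("utf-8"), canonical(msg), hashlib.sha256).hexdigest()

def _msg(user, challenge, cnonce, direction):
    # 'direction' keeps the server's proof from being a replay of the client's.
    return {"user": user, "challenge": challenge, "cnonce": cnonce, "dir": direction}

def client_response(user, password, challenge, cnonce):
    # Client proves it knows the password without ever sending it.
    return mac(password, _msg(user, challenge, cnonce, "c2s"))

def server_verify(users, user, challenge, cnonce, response):
    # Check the client's proof; on success return the server's own proof over the
    # same exchange (the symmetric half asked about above), else None.
    password = users.get(user)
    if password is None:
        return None
    expected = mac(password, _msg(user, challenge, cnonce, "c2s"))
    if not hmac.compare_digest(expected, response):  # constant-time compare
        return None
    return mac(password, _msg(user, challenge, cnonce, "s2c"))

def client_verify(user, password, challenge, cnonce, server_proof):
    # Client checks the server's proof, so an impostor server is detected.
    return hmac.compare_digest(mac(password, _msg(user, challenge, cnonce, "s2c")), server_proof)

def run_handshake(users, user, password):
    # Whole exchange in one process; challenge and cnonce come from os.urandom via secrets.
    challenge, cnonce = secrets.token_hex(16), secrets.token_hex(16)
    proof = server_verify(users, user, challenge, cnonce, client_response(user, password, challenge, cnonce))
    if proof is None:
        return (False, False)
    return (True, client_verify(user, password, challenge, cnonce, proof))
```

`run_handshake` returns a pair: whether the server accepted the client, and whether the client accepted the server.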