[ZODB-Dev] ZEO Server Security (long)
Toby Dickenson
tdickenson@geminidataloggers.com
Fri, 17 Jan 2003 17:21:37 +0000
On Friday 17 January 2003 4:48 pm, Jeremy Hylton wrote:
> Agreed. The ZEO server is not secure. A large system configuration
> must use other means to address security issues (for better or worse).
Agreed. I am trying to probe the limits of ZEO security to see what "other
means" are necessary, because I don't think this is well understood.
> But a client can already do arbitrary damage to a database.
Even to storage servers marked as read only? Hmmm.
I do accept that a read/write storage can have its *content* damaged, but
this is still different. For example.....
Zope's cvs has a zeopack.py script that opens a connection to a zeo server
and calls the pack method. Today it is possible for a compromised Zope to
inject a trojan pickle into this process. That leaves a big security hole if
this script (or scripts like it) are run by a privileged administrator uid.
I know I have been making this mistake until recently.
> I find it hard to get excited about pickle security given all the
> other problems with the system.
One at a time.
--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
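
An added illustration of the trojan-pickle concern raised in the message above (not part of the original post, and not ZEO or Zope code): a client-side unpickler that resolves only allow-listed globals, so data read from a storage cannot make the reading process call arbitrary functions. The allow-list contents, the helper names and the sample pickles are assumptions constructed for this example.

```python
import io
import pickle
import platform
from collections import OrderedDict

# Assumption: the only globals this administrative client ever needs to rebuild.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves a global only if it is on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def check(data):
    """Return ("ok", obj) or ("rejected", reason) for one pickle from the server."""
    try:
        return "ok", AllowListUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


class CallOnLoad:
    """Constructed stand-in for a trojan pickle: loading it calls a function."""

    def __reduce__(self):
        # Harmless callable chosen for the demo; the writer picks it, not the reader.
        return (platform.python_version, ())


def make_plain():
    """Constructed sample: ordinary data using only an allow-listed class."""
    return pickle.dumps(OrderedDict(oid=[1, 2]))


def make_trojan():
    """Constructed sample: a pickle that triggers a call when loaded."""
    return pickle.dumps(CallOnLoad())


if __name__ == "__main__":
    print(check(make_plain()))
    print(pickle.loads(make_trojan()))  # stock loader: the call ran in this process
    print(check(make_trojan()))
```

The allow-list limits which callables a pickle can reach; running such scripts under an unprivileged uid, as the message suggests, remains the complementary control.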