[ZODB-Dev] ZEO Server Security (long)

Toby Dickenson tdickenson@geminidataloggers.com
Fri, 17 Jan 2003 17:21:37 +0000


On Friday 17 January 2003 4:48 pm, Jeremy Hylton wrote:

> Agreed.  The ZEO server is not secure.  A large system configuration
> must use other means to address security issues (for better or worse).

Agreed. I am trying to probe the limits of ZEO security to see what "other
means" are necessary, because I don't think this is well understood.

> But a client can already do arbitrary damage to a database.

Even to storage servers marked as read only? Hmmm.

I do accept that a read/write storage can have its *content* damaged, but this
is still different. For example.....

Zope's cvs has a zeopack.py script that opens a connection to a zeo server and
calls the pack method. Today it is possible for a compromised Zope to inject
a trojan pickle into this process. That leaves a big security hole if this
script (or scripts like it) are run by a privileged administrator uid. I
know I have been making this mistake until recently.

> I find it hard to get excited about pickle security given all the
> other problems with the system.

One at a time.

-- 
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
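
The trojan-pickle risk to a privileged admin script described in the message above, shown next to one mitigation, as an added example that is not part of the original post and is not ZEO or Zope code. It assumes the script deserializes bytes it receives with pickle; the allowlist, the sample replies and the `Marker` class are constructed for illustration.

```python
import builtins
import io
import pickle

# Assumption: the only globals a reply to the admin script legitimately needs.
ALLOWED_GLOBALS = {("builtins", "Exception"), ("builtins", "ValueError")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data):
    """Deserialize untrusted bytes without resolving arbitrary globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Marker:
    """Constructed stand-in for a hostile object: unpickling it calls a callable.

    The callable here is the harmless built-in len(); the point is only that
    pickle.loads() runs whatever callable the sender names.
    """

    def __reduce__(self):
        return (len, ("abc",))


def demo():
    # Constructed sample payloads, not real ZEO messages.
    plain_data = pickle.dumps({"status": "packed", "oids": [1, 2, 3]})
    error_reply = pickle.dumps(ValueError("storage is read only"))
    trojan = pickle.dumps(Marker())

    results = {"plain": safe_loads(plain_data),
               "error": safe_loads(error_reply),
               "unsafe_result": pickle.loads(trojan)}  # len("abc") was executed
    try:
        safe_loads(trojan)
        results["blocked"] = False
    except pickle.UnpicklingError:
        results["blocked"] = True
    return results
```

An allowlist limits which callables a sender can name; it does not make the data trustworthy, so running such scripts under an unprivileged uid still matters.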