[Zope-DB] cannot secure DCOracle2 connection string?

Jim Abramson jabramson at wgen.net
Fri Sep 12 15:04:15 EDT 2003


>If I restrict "View" and/or "Access Contents Information" on the containing folder...the connection_string of the dco2 connection can't be accessed - but of course, because the connection cannot be used either (nor anything else in the Folder). 
>
>Meanwhile, restricting either "View" or "Access Contents Information" on the connection object itself seems to have no effect - that is, anyone with Manager can put a python script anywhere, find the dco2 connection object, read and print its connection_string.
>
>Is this catch-22, or am I missing something? Is it impossible to have a DCOracle2 connection that can be used by Zope pages, without exposing the connection_string to anyone with ZMI access?
>

Hmm...  it's probably always been that way.   One way you could change 
that, I think is to do a global replace on "connection_string" with 
"_connection_string".  You might also be able to modify the DA.py file's 
Connection object to set something like connection_string__roles = 
('Manager,') to only allow managers to see the connection string.  I'm 
actually very rusty on that section of the code, I'm afraid.

--- 
Thanks Matt. I used the "_connection_string" approach you suggested, but I've applied it not only in DCO2 but also the Shared.DC.ZRDB as well. A simple measure that seems to be working (I'm still testing it).

With minimal changes to the ZRDB.Connection class, DCO2.DA.py and db.py (adding the underscore), and removing the dtml-var tag that renders connection_string on the manage_edit page - database passwords are never printed now.

The only drawbacks I'm aware of (and I can easily live with them):
1 - can't edit the title of a db connection via ZMI without knowing the connection string (darn!)
2 - gotta query the db to get the username you're connected as
3 - any existing db connection objects seem to get hosed as soon as you restart with these changes implemented - they'll all have to be recreated. But once recreated they seem to survive (and stay connected) after subsequent shutdown/startups.

Hope this is helpful to others...
JSA



More information about the Zope-DB mailing list