[Zope-DB] cannot secure DCOracle2 connection string?
jabramson at wgen.net
Fri Sep 12 15:04:15 EDT 2003
>If I restrict "View" and/or "Access Contents Information" on the containing folder...the connection_string of the dco2 connection can't be accessed - but of course, because the connection cannot be used either (nor anything else in the Folder).
>Meanwhile, restricting either "View" or "Access Contents Information" on the connection object itself seems to have no effect - that is, anyone with Manager can put a python script anywhere, find the dco2 connection object, read and print its connection_string.
>Is this catch-22, or am I missing something? Is it impossible to have a DCOracle2 connection that can be used by Zope pages, without exposing the connection_string to anyone with ZMI access?
Hmm... it's probably always been that way. One way you could change
that, I think is to do a global replace on "connection_string" with
"_connection_string". You might also be able to modify the DA.py file's
Connection object to set something like connection_string__roles =
('Manager,') to only allow managers to see the connection string. I'm
actually very rusty on that section of the code, I'm afraid.
Thanks Matt. I used the "_connection_string" approach you suggested, but I've applied it not only in DCO2 but also the Shared.DC.ZRDB as well. A simple measure that seems to be working (I'm still testing it).
With minimal changes to the ZRDB.Connection class, DCO2.DA.py and db.py (adding the underscore), and removing the dtml-var tag that renders connection_string on the manage_edit page - database passwords are never printed now.
The only drawbacks I'm aware of (and I can easily live with them):
1 - can't edit the title of a db connection via ZMI without knowing the connection string (darn!)
2 - gotta query the db to get the username you're connected as
3 - any existing db connection objects seem to get hosed as soon as you restart with these changes implemented - they'll all have to be recreated. But once recreated they seem to survive (and stay connected) after subsequent shutdown/startups.
Hope this is helpful to others...
More information about the Zope-DB