On Thu, 24 May 2001, Tim Cook wrote:
Michel Pelletier wrote:
XMLRPC could do this, but I'm afraid it would be seriously limited. XMLRPC is very useful, but it does not map as well as it could onto the python object model. I would prefer to see a GUI client running in the same process space as a ZEO client, this way the GUI client could do everything that Zope could do and re-use alot of the existing interfaces (like security, acquisition, script objects, etc).
Michel, I took this off list because it was off topic for the thread. But feel free to Cc it back if you feel it's important. I think it was covered a few weeks ago on the -dev list but couldn't locate it.
It's not off topic so I'm cc:ing the list.
Anyway, the question is: I thought I had read that using ZEO basically by-passed the Zope security model? Maybe I was thinking of direct ZODB access?
This is a good question. Using ZEO does bypass the Zope security model, but then again, Zope bypasses the Zope security model. Zope is, essentially, a client that implements an application on top of a persistent database. Why can't your client do the same thing? Zope enforces security upon its users using tested, re-usable interfaces. You're should essentially change the user interface to the Zope core code by making it call wxPython widgets or whatever instead of spewing HTML to a browser over a socket. If this GUIfied ZEO client ran on the same machine as the server, it would actually be safer than a "real" Zope ZEO client, which is exposed to the web. We use ZEO clients to access Zope through many different interfaces, not necessarily all of them over a network, or running in a context we don't trust. We use ZEO clients to debug zope from the command line, to serve just FTP or a monitor server, and each different way of doingit is just a shim on top of the core Zope interfaces. By going with xml-rpc, you'll be shoving *very* rich interface semantics of a full blown windowing sytem down the tiny semantic straw of xml-rpc, to try and manipulate interfaces that were originally indented to be used by medium to poor semantic HTML interfaces. If you use a ZEO client, there are no bottle necks. You could render the object system in 3D OpenGL if you wanted to, and still enforce the user. Jerome's ZShell script shows how this can be done safely. His shell is essentialy just another interface to the Zope core code. It would be very dangerous if it did not use Zope's security API to restrict its actions. In zshell's case, the interface is really simple, a command line. It is probably not as safe to to grant access to this command line over unprotected networks. and it would be unsafe to expose a GUIfied ZEO client to unprotected networks, but this is easily mitigatable with things like ssh or ssl. -Michel