[Zope-ZEO] ZEO client-side
Jim Fulton
jim@digicool.com
Sat, 09 Dec 2000 11:07:42 -0500
Monty Taylor wrote:
>
> Hi all.
> I've been batting the idea around of really abusing ZEO to allow for a
> per-user client instance of Zope that connected to a central ZSS server.
> The two main problems I can see right off have to do with authentication
> -
> 1) ZEO makes the assumption that anyone should be able to connect.
> Since users and roles are distributed like everything else, normally
> this shouldn't be a problem except:
> 2) A local client installs Zope/ZEO and has superuser rights, thus
> bypassing the users structure.
>
> I believe Zope 2.3 should fix the superuser, right? But am I missing
> something else, as far as users and roles are concerned?
The Zope security system (users, roles, permissions, etc.) are implemented
above ZODB (and therefore ZEO). For this reason, you can't use the Zope
security model to protect ZEO and ZEO can't respect it. If you give someone
the ability to connect with a ZEO client, you give them far more power
than the superuser. For this reason, ZEO isn't really a good
mechanaism for end-user access unless you trust your end users
(or their applications) completely. (This last restriction, does
actually admit some useful applications.)
Note that ZEO is a little like NFS, which relies on clients
to enforce security. ;)
I imagine that one could create a security model for ZODB,
but it would have to be far lower level than Zope's since you
wouldn't get to use any applications semantics. You could
probably provide something as useful as the protections provided
by RDBMS, but that's not saying much. ;)
Jim
--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org