[ZODB-Dev] ZEO and Security
Bill Anderson
bill@libc.org
06 May 2001 22:38:23 -0600
So here I am working up a neat little Gtk/GNOME app, and thinking that
ZODB/ZEO is the way to go (and get a break from all the PostgreSQL stuff
to boot), for all the main reasons one chooses ZEO/ZODB. :)
Then as I am getting into it something hits me. I recognize it; this
isn't the first time.
The server will be vulnerable. All the trust is put into the clients.
I can't do that this time.
I understand that a security mechanism is not on the plate until late
fall unless people start clamoring.
Clamor. Clamor. Clamor.
In the meantime, as I don't have the bandwidth to work on implementing
such a beast, does anyone have any ideas on how to get some sort of at
least basic security?
So far, the only thoughts (well, those that didn't die upon birth
anyway) I have involve doing something like putting much of the code into
the ZODB, as in "Script (Python)"-type objects, and have the clients
call them, almost like an rpc-ish server. But that just feels
restricting, too restricting.
I know some of you have been doing ZODB-using apps; has anyone found a
way to solve this particular ZEO-related issue? It doesn't have to be
Zope-compatible (since this particular app may never see that need), but
that would be a plus :)
It seems to me that this is severely holding back broad use of ZEO
outside of the Zope world. Not to mention it would certainly help those
of us developing non-html guis for various Zope things. :)
Bill