[ZODB-Dev] ZEO and Security
Michel Pelletier
michel@digicool.com
Mon, 7 May 2001 12:48:02 -0700 (PDT)
On 7 May 2001, Bill Anderson wrote:
> On 07 May 2001 11:06:20 -0700, Michel Pelletier wrote:
> > Security is outside the domain of the database. ZODB does not know
>
> Since when??
>
> Pretty much all RDMS servers I've used have a security mechanism.
I should have been more clear; as Jeremy pointed out, obviously access to
the database itself should be constrained.
> > If you want security like the Zope application enforces, then you need to
> > either duplicate that security in your app (ugh) or just use Zope as the
> > ZEO client. Zope's interfaces are now HTML, but there's no reason why
> > they could not be some GUI framework. It sounds like what you are writing
> > is more of a "ZODB-browser". Probably an easier task yes, but not as
> > useful.
>
> Exactly, I don't want to go through and duplicate the Zope security
> machinery, and the full extent of it is not even necessary. It seems
> anathema to the OS mantra of code reuse. Why should everyone reimplement
> database security for each app?
Because different applications have different requirements.
> All we really need for basic security
> (again, which is all that is being asked), is a hook, such that db
> access goes through before being allowed to operate.
I was under the impression that you were looking for object-level access
controls, which is what Zope implements in its security
machinery. Implementing something similar in ZEO is possible, but as
Jeremy also pointed out, a big project.
-Michel