[ZODB-Dev] ZEO and Security
Jeremy Hylton
jeremy@digicool.com
Mon, 7 May 2001 18:17:29 -0400 (EDT)
The protocol for connecting isn't really the issue. We could probably
get TLS/SSL with client-side certificates hooked up without too much
trouble (except for the clients that need the certificates <0.5 wink>
.) But what happens then? The authentication problem isn't that
hard, but the authorization is. The security system would need to
provide mechanism for specifying who has access to what, e.g. client X
can load object 12.
I'm not sure if storage-level security is sufficient or not, because
loading an object gets you access to all of its state. A buggy or
malicious client could modify the state of an object in a way that
violates some expected invariant, leading to errors and security
breaches down the road.
Jeremy