[ZODB-Dev] ZEO and Security

Bill Anderson bill@libc.org
07 May 2001 16:39:14 -0600


On 07 May 2001 16:06:11 -0400, Steve Waterbury wrote:
> Andrew Kuchling wrote:
> 
> > I'm doubtful that it can be made convincingly secure, though, because
> > there's no obvious small core of code to be audited.  ...
> > 
> > Somewhere Bruce Schneier wrote about partial security being worse than
> > no security, because it encourages doing riskier things, making the
> > damage from a breach more serious when one does happen.  If you
> > document the ZODB and ZEO as being unsafe, then people will simply
> > have to design their systems in a way that protects the ZODB from
> > being exposed to the outside world.
> 
> I agree with Andrew.  The "security" constraints that are built in 
> to DBMS's are not up to modern security requirements 
> for direct access from the net ....  I think applications that 
> need real security will need to depend on a channel or wrapper 
> technology that is widely used and frequently scrutinized by 
> security experts, the way ssh and tcp wrappers are.  

Seems to me you are confusing transport security with authorization.

There are two basic issues:
  Transport Security
    Here is where you generally encrypt the traffic, or the data

  Authorization Security
    Is user Joe allowed to do what he is asking to do?

There is a difference. For example, when you connect to your ISP's mail
server you are performing the latter. If they wrap it in an encrypted
connection, that is the former. Either can exist with or without the
other. I am looking for the latter, not the former. What good is an
encrypted stream data if anyone can connect?

Bill