[ZODB-Dev] ZEO client-server security
Chris Withers
chrisw@nipltd.com
Thu, 24 May 2001 21:23:19 +0100
> This is highly dependent on the ORB used. ORBit, f.e., doesn't support
> built-in authentication, and you're left with implementing the
> autentication yourself. CORBA Security defines authentication methods, but
> I have yet to see an implementation working (which isn't to mean there are
> none; just that I have seen none working).
This sounds like the interfaces arethere but haven't been implemented?
Is that the case? If so, it's a step ahead of a raw ZEO connection ;-)
The problem with ZEO in this context, as I understand it, is that you have
to trust anyone with a ZEO client that can connect to your server completely
as security would have to be implemented as part of the client, which could
obviously be tampered with.
Have I got that right?
cheers,
Chris