[ZODB-Dev] ZEO client-server security
Jeremy Hylton
jeremy@digicool.com
Thu, 24 May 2001 20:19:29 -0400 (EDT)
>>>>> "CW" == Chris Withers <chrisw@nipltd.com> writes:
CW> The problem with ZEO in this context, as I understand it, is
CW> that you have to trust anyone with a ZEO client that can connect
CW> to your server completely as security would have to be
CW> implemented as part of the client, which could obviously be
CW> tampered with.
CW> Have I got that right?
I think so.
The problem is that ZEO deal with object representations. If you give
a client read access to an object, it gets the entire object. If it
can write an object, it can send you an arbitrary object. There's no
mechanism to enforce an object's interface, limit access to certain
methods, etc. It's all or nothing.
That's why a distributed object system might make sense. The server
uses persistence to manage objects that are served to clients. The
clients just get a stub that can be used to invoke methods on the
object stored at the server.
Jeremy