[ZODB-Dev] Secure ZODB/ZEO channel

Ken Manheimer klm@digicool.com
Fri, 25 May 2001 12:17:01 -0400 (EDT)


A couple of days ago, someone mentioned that an SSH tunnel (or stunnel, or
whatever) is insufficient for a secure ZEO channel - i want to mention (a
bit belatedly) that something like xinetd or tcpwrappers would mitigate
the objections. Those objections were that people who could access to the
TCP/IP port could circumvent the SSH tunnel - things like xinetd and
tcpwrappers provide well tested, pretty comprehensive means of regulating
that access.

There's one other thing to consider here, as well.  ZEO can be run to talk
via a unix-domain socket (via the '-U' option - see the ZEO start.py
script).  This seems to me to offer a nice, generic access path against
which to build a secure mediator of some sort.

In general, i would question going down the avenue of building an RPC
mechanism for the purpose of implementing security around ZODB access.  
My sense is that it's a big job - perhaps the most substantial thing that
Zope does on top of the ZODB.  My thought is that if you're just looking
for a security layer, you might consider Zope.  It's not a small task.

If, on the other hand, you're looking for a persistent DB for your own a
networked object system (or you really want to build a networked object
system), then go to town...

I may be (mis)stating the obvious.

Ken