[ZODB-Dev] ZEO client-server security
John D. Heintz
jheintz@isogen.com
Sat, 26 May 2001 13:36:35 -0500
This is precisely where we are headed with ZODBCorbaFramework on my projects.
It basically wraps a ZODB Connection as a CORBA session of object references.
This requires security to still be handled on the server side, but at least
there is a clear place where to handle it.
Search www.zope.org for ZODBCorbaFramework to see the original packaging of
what we've done. Since then we've made significant improvements but also
lost some clear framework-application code separation.
I'm happy with how we are using omniORBpy 1.3 now and just need to refactor
to get everything where it belongs and then I can put up a new version.
John
On Thursday 24 May 2001 19:19, Jeremy Hylton wrote:
> >>>>> "CW" == Chris Withers <chrisw@nipltd.com> writes:
>
> CW> The problem with ZEO in this context, as I understand it, is
> CW> that you have to trust anyone with a ZEO client that can connect
> CW> to your server completely as security would have to be
> CW> implemented as part of the client, which could obviously be
> CW> tampered with.
>
> CW> Have I got that right?
>
> I think so.
>
> The problem is that ZEO deals with object representations. If you give
> a client read access to an object, it gets the entire object. If it
> can write an object, it can send you an arbitrary object. There's no
> mechanism to enforce an object's interface, limit access to certain
> methods, etc. It's all or nothing.
>
> That's why a distributed object system might make sense. The server
> uses persistence to manage objects that are served to clients. The
> clients just get a stub that can be used to invoke methods on the
> object stored at the server.
>
> Jeremy
>
>
>
> _______________________________________________
> For more information about ZODB, see the ZODB Wiki:
> http://www.zope.org/Wikis/ZODB/
>
> ZODB-Dev mailing list - ZODB-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zodb-dev
--
. . . . . . . . . . . . . . . . . . . . . . . .
John D. Heintz | Senior Engineer
1016 La Posada Dr. | Suite 240 | Austin TX 78752
T 512.633.1198 | jheintz@isogen.com
w w w . d a t a c h a n n e l . c o m
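
The contrast drawn in this thread, as an added example that is not part of the original messages and is not ZEO or ZODBCorbaFramework code: `StateStorage` and `MethodGateway` are hypothetical stand-ins for a server that ships object state and a server that only accepts method calls, and the account data is constructed.

```python
import pickle

class StateStorage:
    """State-shipping model: the server stores and returns opaque records."""
    def __init__(self):
        self._records = {}                  # oid -> pickled state, never unpickled here

    def load(self, oid):
        return self._records[oid]           # a reader receives the entire state

    def store(self, oid, data):
        self._records[oid] = data           # the server cannot judge what the bytes mean

class Account:
    """Lives only on the server; its methods enforce the invariants."""
    def __init__(self, balance):
        self.balance, self.pin = balance, "constructed-secret"

    def get_balance(self):
        return self.balance

    def withdraw(self, amount):
        if amount <= 0 or amount > self.balance:
            raise ValueError("invalid amount")
        self.balance -= amount
        return self.balance

class MethodGateway:
    """Distributed-object model: clients hold a stub, the server checks each call."""
    ALLOWED = {"teller": {"get_balance", "withdraw"}, "auditor": {"get_balance"}}

    def __init__(self, objects):
        self._objects = objects             # objects never leave the server

    def invoke(self, role, oid, method, *args):
        if method not in self.ALLOWED.get(role, set()):
            raise PermissionError(f"{role} may not call {method}")
        return getattr(self._objects[oid], method)(*args)

def demo():
    storage = StateStorage()
    storage.store("acct1", pickle.dumps({"balance": 100, "pin": "constructed-secret"}))
    state = pickle.loads(storage.load("acct1"))   # read access exposes every field
    state["balance"] = 10**6                      # no server-side check on what is written back
    storage.store("acct1", pickle.dumps(state))
    return pickle.loads(storage.load("acct1"))["balance"]
```

In the gateway model the per-role allowlist and the checks inside `withdraw` run on the server, so a modified client cannot bypass them.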