[ZODB-Dev] ZEO signal feature

Christian Reis kiko@async.com.br
Mon, 23 Sep 2002 15:30:23 -0300


On Mon, Sep 23, 2002 at 12:27:21PM -0400, Guido van Rossum wrote:
> > On Mon, Sep 23, 2002 at 12:07:49PM -0400, Jeremy Hylton wrote:
> > > I'm trying to clear out the backlog of ZEO todo items in hopes of
> > > getting another beta release out soon.  I'd like to accommodate the
> > > use cases that lead to the signal code, but I wonder if we could
> > > consider some other alternatives.
> > 
> > We have been working on a SecureZEO class this week that subclasses
> > ClientStorage and the basic Storage. We're trying to get a solution that
> > doesn't avoid changing ZEO, but we might need to. Can we send patches
> > your way for review, to check if it is acceptable for integration? 
> 
> Of course.  Can you clarify the use case?

In our specific case, we need to be able to provide access control for
individual ClientStorage users. The mechanism doesn't, for now, need to
be fine-grained, but we would like this to evolve in the future to a
permissions mechanism. We think permissions can be implemented
externally to ZODB/ZEO (as soon as access control is in place), but
haven't honestly looked a lot into it.

We assume that the server itself is secure (and for local apps, that the
permissions on the .fs file only allow access through the ZEO), which is
in our opinion perfectly acceptable, and simplifies things a lot.

We have been working on something very simple for now - passing a
username/password pair over RPC when initializing ClientStorage, and
having the server authenticate that U/P and, if invalid, raise an
authentication exception. The password is crypted to difficult things
for evil packet sniffers, but proper protocol security is easily
implemented by connecting to ZEO through stunnel.

Has anyone worked on specifying this before? 

We're at the point where we need to specify a custom StorageServer to
ServerStub to avoid having to do a hack like:

    # Evil hack ahead
    def auth (self, username, password):
        self.rpc.call ('auth', username, password)
    ServerStub.StorageServer.auth = auth

auth() is called by the client in testConnection(), and the server
checks during register() to see if auth was performed successfully; dies
if not.

Johan should send a patch in shortly for a first attempt.

Take care,
--
Christian Reis, Senior Engineer, Async Open Source, Brazil.
http://async.com.br/~kiko/ | [+55 16] 261 2331 | NMFL