[ZODB-Dev] ZEO signal feature

Guido van Rossum guido@python.org
Mon, 23 Sep 2002 14:35:47 -0400


> On Mon, Sep 23, 2002 at 12:27:21PM -0400, Guido van Rossum wrote:
> > > On Mon, Sep 23, 2002 at 12:07:49PM -0400, Jeremy Hylton wrote:
> > > > I'm trying to clear out the backlog of ZEO todo items in hopes of
> > > > getting another beta release out soon.  I'd like to accommodate the
> > > > use cases that led to the signal code, but I wonder if we could
> > > > consider some other alternatives.
> > > 
> > > We have been working on a SecureZEO class this week that subclasses
> > > ClientStorage and the basic Storage. We're trying to get a solution that
> > > doesn't avoid changing ZEO, but we might need to. Can we send patches
> > > your way for review, to check if it is acceptable for integration? 
> > 
> > Of course.  Can you clarify the use case?
> 
> In our specific case, we need to be able to provide access control for
> individual ClientStorage users. The mechanism doesn't, for now, need to
> be fine-grained, but we would like this to evolve in the future to a
> permissions mechanism. We think permissions can be implemented
> externally to ZODB/ZEO (as soon as access control is in place), but
> haven't honestly looked a lot into it.
> 
> We assume that the server itself is secure (and for local apps, that the
> permissions on the .fs file only allow access through the ZEO), which is
> in our opinion perfectly acceptable, and simplifies things a lot.

What do you mean by "the server itself is secure"?  Anyone who can
make a TCP connection to your ZEO server can connect to it.  This is
why we recommend running ZEO only inside a firewall.

> We have been working on something very simple for now - passing a
> username/password pair over RPC when initializing ClientStorage, and
> having the server authenticate that U/P and, if invalid, raise an
> authentication exception. The password is crypted to make things difficult
> for evil packet sniffers, but proper protocol security is easily
> implemented by connecting to ZEO through stunnel.
> 
> Has anyone worked on specifying this before? 
> 
> We're at the point where we need to specify a custom StorageServer to
> ServerStub to avoid having to do a hack like:
> 
>     # Evil hack ahead
>     def auth (self, username, password):
>         self.rpc.call ('auth', username, password)
>     ServerStub.StorageServer.auth = auth

[Aside: please no spaces between function name and '('.  It hurts my
eyes. :-]

> auth() is called by the client in testConnection(), and the server
> checks during register() to see if auth was performed successfully; dies
> if not.
> 
> Johan should send a patch in shortly for a first attempt.

Sounds like a plan.  This looks like a good use case for what Jeremy
was proposing.

--Guido van Rossum (home page: http://www.python.org/~guido/)
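
The following is an added example, not part of the original message and not ZEO code: a stand-alone model of the flow discussed in the thread, where the server refuses register() on any connection that has not completed auth(). The class names, the in-memory user store and the PBKDF2 hashing are assumptions made for illustration; the thread does not say how the password is "crypted".

```python
import hashlib
import hmac
import os


class AuthError(Exception):
    """Raised when a connection fails or skips authentication."""


def hash_password(password, salt):
    # PBKDF2 is a stand-in (assumption); the thread names no algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserDB:
    """Constructed in-memory credential store (hypothetical)."""

    def __init__(self):
        self._users = {}

    def add(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def check(self, username, password):
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        candidate = hash_password(password, salt)
        return hmac.compare_digest(candidate, stored)


class Connection:
    """Server-side state for one client connection (hypothetical model)."""

    def __init__(self, userdb):
        self._userdb = userdb
        self._user = None  # auth state lives on the connection, not globally

    def auth(self, username, password):
        if not self._userdb.check(username, password):
            raise AuthError("invalid username or password")
        self._user = username

    def register(self, storage_id):
        # The check described in the thread: refuse register() without auth().
        if self._user is None:
            raise AuthError("register() called before successful auth()")
        return (self._user, storage_id)
```

Keeping the authenticated user on the connection object means a second TCP connection starts unauthenticated, whatever another client has done.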