[ZODB-Dev] ZEO signal feature
Guido van Rossum
guido@python.org
Mon, 23 Sep 2002 14:35:47 -0400
> On Mon, Sep 23, 2002 at 12:27:21PM -0400, Guido van Rossum wrote:
> > > On Mon, Sep 23, 2002 at 12:07:49PM -0400, Jeremy Hylton wrote:
> > > > I'm trying to clear out the backlog of ZEO todo items in hopes of
> > > > getting another beta release out soon. I'd like to accommodate the
> > > > use cases that lead to the signal code, but I wonder if we could
> > > > consider some other alternatives.
> > >
> > > We have been working on a SecureZEO class this week that subclasses
> > > ClientStorage and the basic Storage. We're trying to get a solution that
> > > doesn't avoid changing ZEO, but we might need to. Can we send patches
> > > your way for review, to check if it is acceptable for integration?
> >
> > Of course. Can you clarify the use case?
>
> In our specific case, we need to be able to provide access control for
> individual ClientStorage users. The mechanism doesn't, for now, need to
> be fine-grained, but we would like this to evolve in the future to a
> permissions mechanism. We think permissions can be implemented
> externally to ZODB/ZEO (as soon as access control is in place), but
> haven't honestly looked a lot into it.
>
> We assume that the server itself is secure (and for local apps, that the
> permissions on the .fs file only allow access through the ZEO), which is
> in our opinion perfectly acceptable, and simplifies things a lot.

What do you mean by "the server itself is secure"? Anyone who can
make a TCP connection to your ZEO server can connect to it. This is
why we recommend running ZEO only inside a firewall.

> We have been working on something very simple for now - passing a
> username/password pair over RPC when initializing ClientStorage, and
> having the server authenticate that U/P and, if invalid, raise an
> authentication exception. The password is crypted to difficult things
> for evil packet sniffers, but proper protocol security is easily
> implemented by connecting to ZEO through stunnel.
>
> Has anyone worked on specifying this before?
>
> We're at the point where we need to specify a custom StorageServer to
> ServerStub to avoid having to do a hack like:
>
> # Evil hack ahead
> def auth (self, username, password):
>     self.rpc.call ('auth', username, password)
> ServerStub.StorageServer.auth = auth

[Aside: please no spaces between function name and '('. It hurts my
eyes. :-]

> auth() is called by the client in testConnection(), and the server
> checks during register() to see if auth was performed successfully; dies
> if not.
>
> Johan should send a patch in shortly for a first attempt.

Sounds like a plan. This looks like a good use case for what Jeremy
was proposing.

--Guido van Rossum (home page: http://www.python.org/~guido/)
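
The auth()-then-register() gate discussed in this thread, as an added example that is not part of the original message and is not ZEO code. `GatedConnection`, `UserDB` and `AuthenticationError` are hypothetical names, and salted PBKDF2 with a constant-time compare is an assumption standing in for the unspecified "crypted" password.

```python
import hashlib
import hmac
import os


class AuthenticationError(Exception):
    """Raised when credentials are rejected or a call arrives before auth."""


def hash_password(password, salt=None, rounds=100_000):
    # Salted PBKDF2 so the server's user table never holds the cleartext.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest


class UserDB:
    def __init__(self):
        self._users = {}
        # Dummy record: unknown usernames cost the same work as known ones.
        self._dummy = hash_password("constructed-dummy")

    def add(self, username, password):
        self._users[username] = hash_password(password)

    def check(self, username, password):
        salt, rounds, expected = self._users.get(username, self._dummy)
        _, _, got = hash_password(password, salt, rounds)
        return hmac.compare_digest(got, expected) and username in self._users


class GatedConnection:
    """Hypothetical per-connection server object, not ZEO's StorageServer."""

    def __init__(self, userdb):
        self._userdb = userdb
        self._user = None        # auth state belongs to this connection only
        self.closed = False

    def auth(self, username, password):
        if not self._userdb.check(username, password):
            self.closed = True   # drop the connection on a bad login
            raise AuthenticationError("invalid credentials")
        self._user = username

    def register(self, storage_id):
        # The gate from the thread: register() refuses unless auth() succeeded.
        if self.closed or self._user is None:
            self.closed = True
            raise AuthenticationError("register() before successful auth()")
        return (self._user, storage_id)
```

The credentials still cross the wire in this model, so it relies on a protected transport such as the stunnel setup mentioned in the thread.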