[Zope-dev] RDBM Connections per User

Jim Penny jpenny@universal-fasteners.com
Tue, 5 Jun 2001 19:18:11 -0400


On Tue, Jun 05, 2001 at 11:47:18PM +0200, Christian Theune wrote:
> Hello out there.
> 
> I had following problem:
> 
> In a software, using zope as appserver, we needed to have every user
> a single connection to the database (postgres 7.1) to have access-
> checks on database level.

I think that this is not a very good idea.  

Consider, you are moving from a realm where there is one object
(The database adapter) that needs to be tightly controlled to one
that has many objects that must be tightly controlled (the database
adapters, the database user ids, their passwords and ACL's).

What happens when a db is accessed by someone with insufficient
authority?  A Zope error is raised and (unless you have caught it),
a nasty looking traceback is triggered.

It is just as much work to catch the tracebacks as it is to prevent
them from occurring.  So, you are not saving any application 
development time.

Given the propensity of people to reuse passwords, and the general
ease of finding user level passwords, you probably have a situation
with many weak passwords rather than one strong one.

No, in general, I recommend that you prevent people who have
insufficient authority from accessing the database in the first
place, and that you log CRUD events so that you know who is
responsible for database damage.

[Yes, this is a classic tradeoff.  There is one position stated
as "defense in depth".  Check the user at the Zope stage, check
him again at db access time, etc.  There is another that can be
summarized as "put all your eggs in one basket - and watch that
basket carefully".  In general, I support "defense in depth",
but my experience with users is that they simply do not help you
with security.  For the same reason, I will not give any users 
accounts on my firewall.]

Jim Penny


> 
> I hacked into the Connection code and found, that the interfaces are
> really hard to be used for this feature.
> 
> The thing is, that many "people" are accessing the database connection
> handle directly whether I am using now a wrapper function "getConnection()"
> to get the current connection or open one.
> 
> I am reading the current user out of the REQUEST["AUTHENTICATED_USER"] and
> am storing the handles in an _v_connections Dictionary, which is explicitly
> not stored in database, but lets every user have exactly one connection.
> 
> Any comments on this?
> 
> -- 
> Christian Theune - ct@gocept.com
> gocept gmbh & co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
> tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981
> 
> reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
> 
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>