Vangelis Mihalopoulos wrote:
Well, i am running zope under root privileges in read-only mode.
What does this mean?
I am opening the ZODB in read-only, using the appropriate parameter in
the conf file.
How odd, do you do that with your relational database too?
What are you seeking to do
Vangelis Mihalopoulos wrote:
I don't really. But when i present my security assessment report saying
Zope has never had a compomising security issue. i'll get the
(expected) answer Sooner or later, everything gets broken. and i will
have to additionally demonstrate why compomising zope (in
Vangelis Mihalopoulos wrote:
- A Zope security hole comes up, which gives you all permissions within
Zope.
Yeah, so you patch Zope pronto. What you're doing doesn't really
mitigate anything. Do you worry about SSH vulnerabilities? What are you
doing to mitigate them? mounting all your file
Chris Withers wrote:
Have a look at the ZSQL methods code, I remember this being pretty old
and convoluted :-(
Ok, thanks! I take a look.
Well, i am running zope under root privileges in read-only mode.
What does this mean?
I am opening the ZODB in read-only, using the appropriate
Chris Withers wrote:
Vangelis Mihalopoulos wrote:
[zope - ] (which btw i believe to be very secure)
The why do you consider it a risk?
I don't really. But when i present my security assessment report saying
Zope has never had a compomising security issue. i'll get the
(expected) answer
...
i don't want him to be able to directly access (read/write) the
database i am using. *AFAIK*, ZSQLMethods won't do for this.
Then put constraints in on your database, or make the whole connection
read-only.
I want to have full access rights on the database through the external
Tino Wildenhain wrote:
I want to have full access rights on the database through the
external methods.
Usually you dont want that.
Yes, usually i don't.
Sane security constrains on database save you a lot mistakes if done
right. You can also use views and stored
functions to further
Vangelis Mihalopoulos wrote:
Tino Wildenhain wrote:
The threading is handled by the ZDA, so you can use query() or what
the method actually is.
I couldn't find a method like that... any hints?
Have a look at the ZSQL methods code, I remember this being pretty old
and convoluted :-(
Vangelis Mihalopoulos wrote:
I am loading the zodb in read-only mode. If someone breaks into Zope
What do you mean by this?
(which btw i believe to be very secure)
The why do you consider it a risk?
i don't want him to be able to
directly access (read/write) the database i am using.
Vangelis Mihalopoulos schrieb:
Hi,
I want an external method to access a mysql database on each call. For
now, i open up a new connection on every call, but this probably won't
scale much either on performance (new connection on each call is quite
an overhead) or availability (the number of
Tino Wildenhain wrote:
The threading is handled by the ZDA, so you can use query() or what
the method actually is.
I couldn't find a method like that... any hints?
Otoh, what do you think you gain from
circumventing ZSQL Methods?
Well, i am running zope under root privileges in read-only
Otoh, what do you think you gain from
circumventing ZSQL Methods?
Well, i am running zope under root privileges in read-only mode.
If there is a Zope break-in, i want to minimize interference with
the database.
Also, since this will be a commercial product, keeping most of the
code in
Vangelis Mihalopoulos wrote:
Tino Wildenhain wrote:
The threading is handled by the ZDA, so you can use query() or what
the method actually is.
I couldn't find a method like that... any hints?
It is indeed the 'query' method, which you pass a string with SQL.
It comes from
Vangelis Mihalopoulos wrote at 2005-10-19 12:22 +0300:
...
I am thinking of using a Z Database Connection (mysql) from within an
external method, without using Z SQL Methods, but can't figure out how i
can safely do it
Calling a DA object gives you a low level connection object (a
db object).
Dennis Allison wrote at 2005-8-14 14:11 -0700:
...
1. When I open a database connection with the connection string
-u dbroot -h localhost -passwd mypassword
what machine is accessed? I'm presuming localhost is always the local
machine. Is that correct?
If not, the name localhost
I am sure this is a synaptic disconnect, but I can't seem to
get my head around this one.
I have remote Zopes (call them A, B, C ) and a database
server (D). I also have a bunch of mysql databases. All of the
machines run mysql. All the Zope instances share the same Data.fs
connected
Has anyone had problems with Zope hanging on to database connections? I am
using MySQL with Zope and when I last checked there were 25 connections
(both active and sleeping connections included). I only have 5
Zope database objects so I don't know how so many connections were
created. Any help
There is probably a (real) RDB connection per Zope thread times the
number of database connection objects that are in use in your ZODB. Or
something equally baffling. ;-)
- C
On Wed, 2005-08-10 at 16:41 -0400, Asad Habib wrote:
Has anyone had problems with Zope hanging on to database
18 matches
Mail list logo