On Tue, Jun 05, 2001 at 11:47:18PM +0200, Christian Theune wrote:
Hello out there.
I had following problem:
In a software, using zope as appserver, we needed to have every user
a single connection to the database (postgres 7.1) to have access-
checks on database level.
I think that this is not a very good idea.
Consider, you are moving from a realm where there is one object
(The database adapter) that needs to be tightly controlled to one
that has many objects that must be tightly controlled (the database
adapters, the database user ids, their passwords and ACL's).
What happens when a db is accessed by someone with insufficient
authority? A Zope error is raised and (unless you have caught it),
a nasty looking traceback is triggered.
It is just as much work to catch the tracebacks as it is to prevent
them from occurring. So, you are not saving any application
development time.
Given the propensity of people to reuse passwords, and the general
ease of finding user level passwords, you probably have a situation
with many weak passwords rather than one strong one.
No, in general, I recommend that you prevent people who have
insufficient authority from accessing the database in the first
place, and that you log CRUD events so that you know who is
responsible for database damage.
[Yes, this is a classic tradeoff. There is one position stated
as defense in depth. Check the user at the Zope stage, check
him again at db access time, etc. There is another that can be
summarized as put all your eggs in one basket - and watch that
basket carefully. In general, I support defense in depth,
but my experience with users is that they simply do not help you
with security. For the same reason, I will not give any users
accounts on my firewall.]
Jim Penny
I hacked into the Connection code and found, that the interfaces are
really hard to be used for this feature.
The thing is, that many people are accessing the database connection
handle directly whether I am using now a wrapper function getConnection()
to get the current connection or open one.
I am reading the current user out of the REQUEST[AUTHENTICATED_USER] and
am storing the handles in an _v_connections Dictionary, which is explicitly
not stored in database, but lets every user have exactly one connection.
Any comments on this?
--
Christian Theune - [EMAIL PROTECTED]
gocept gmbh co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
