Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> - A Zope security hole comes up, which gives you all permissions within Zope.

Yeah, so you patch Zope pronto. What you're doing doesn't really mitigate anything.

Do you worry about SSH vulnerabilities? What are you doing to mitigate them? Mounting all your file systems as read-only?

sheesh,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk

___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> I don't really. But when I present my security assessment report saying "Zope has never had a compromising security issue." I'll get the (expected) answer "Sooner or later, everything gets broken." and I will have to additionally demonstrate why compromising Zope (in terms of accessing the ZMI) will have minimum effect on the overall system operation.

This is a totally lame argument. Go home, unplug all your electrical devices, and never switch them back on. That's the only way you'll get the security you're asking for.

Seriously, just get over it...

> I really hope I don't! :-) As Dieter said, my application is not a conventional Zope application. I could say that, for this project, I am using Zope:
> - as a much safer alternative to CGI
> - for its templating machinery
> - because it is built on Python and the project is based on Python
> - I like Zope :-)

You should take a look at Zope 3.

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
>>> Well, I am running Zope under root privileges in "read-only" mode.
>> What does this mean?
> I am opening the ZODB in read-only, using the appropriate parameter in the conf file.

How odd, do you do that with your relational database too?

>> What are you seeking to do or prevent?
> I want a number of external methods to run with "root" privileges for performing specific tasks (older thread, "root privileges required", 27/7/2004)

>>> If there is a Zope break-in,
>> What does that mean?
> I think of it as a break-in in the ZMI.

You are lacking sanity to worry about any of the stuff in the above chunk in the way that you are...

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Tino Wildenhain wrote:
>> I want to have full access rights on the database through the external methods.
> Usually you don't want that.

Yes, usually I don't.

> Sane security constraints on the database save you a lot of mistakes if done right. You can also use views and stored functions to further tighten your security.

Really, this reasoning may apply on regular projects. For my case, let me explain:
- Say, you want to read/write a DB through Zope.
- You have a read-only ZODB, so you cannot change anything.
- The user-folder is based on an external authentication mechanism.
- A Zope security hole comes up, which gives you all permissions within Zope.
- You want to minimize the casualties of this attack.

I think database constraints are not applicable for this scenario. Also, I don't want any application logic within the database, so stored procedures are not an option either.

I believe that using ZSQLMethods for this setup will/might allow an attacker to:
- retrieve information about the database (schema-wise) [ <- not so important ]
- retrieve/modify records [ <- much more important ]

I (maybe falsely) think of Zope as a "sandbox" environment. I cannot "operate" as root within this sandbox, so I need external methods. Why not move all my "non-restricting"/"privileged" actions outside this sandbox, so that if someone breaks into the sandbox I might stand a better chance to keep him there for a while longer? Following this reasoning, I created a single external method [a true SPOF :-) ] which does all the dirty work.

> Badly done external methods are more likely to open security holes.

Of course! I trust the Zope developers to be much more of a coder than me! :-)

>> I really hope I don't! :-) As Dieter said, my application is not a conventional Zope application.
> What is it instead? :)

Got you intrigued huh?? :-) It is a webmin/usermin-like suite for Linux. The approach is quite different, both commercially and architecturally. I am pretty sure it is probably the most "unconventional" use of Zope up to now. :-)

>> I could say that, for this project, I am using Zope:
>> - as a much safer alternative to CGI
> but not if compromised :)

Indeed!!
Re: [Zope] database connections from external method
>>> ... I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.
>> Then put constraints in on your database, or make the whole connection read-only.
> I want to have full access rights on the database through the external methods.

Usually you don't want that. Sane security constraints on the database save you a lot of mistakes if done right. You can also use views and stored functions to further tighten your security. Badly done external methods are more likely to open security holes.

>> You're really buying nothing with all this other than wasting a lot of your time...
> I really hope I don't! :-) As Dieter said, my application is not a conventional Zope application.

What is it instead? :)

> I could say that, for this project, I am using Zope:
> - as a much safer alternative to CGI

but not if compromised :)

> - for its templating machinery
> - because it is built on Python and the project is based on Python
> - I like Zope :-)

Greets
Tino
Re: [Zope] database connections from external method
Chris Withers wrote:
> Vangelis Mihalopoulos wrote:
>> [zope -> ] (which btw I believe to be very secure)
> Then why do you consider it a risk?

I don't really. But when I present my security assessment report saying "Zope has never had a compromising security issue." I'll get the (expected) answer "Sooner or later, everything gets broken." and I will have to additionally demonstrate why compromising Zope (in terms of accessing the ZMI) will have minimum effect on the overall system operation.

>> I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.
> Then put constraints in on your database, or make the whole connection read-only.

I want to have full access rights on the database through the external methods.

> You're really buying nothing with all this other than wasting a lot of your time...

I really hope I don't! :-) As Dieter said, my application is not a conventional Zope application. I could say that, for this project, I am using Zope:
- as a much safer alternative to CGI
- for its templating machinery
- because it is built on Python and the project is based on Python
- I like Zope :-)

Thanks for your comments!
Vangelis
Re: [Zope] database connections from external method
Chris Withers wrote:
> Have a look at the ZSQL methods code, I remember this being pretty old and convoluted :-(

Ok, thanks! I'll take a look.

>> Well, I am running Zope under root privileges in "read-only" mode.
> What does this mean?

I am opening the ZODB in read-only, using the appropriate parameter in the conf file.

> What are you seeking to do or prevent?

I want a number of external methods to run with "root" privileges for performing specific tasks (older thread, "root privileges required", 27/7/2004)

>> If there is a Zope break-in,
> What does that mean?

I think of it as a break-in in the ZMI.

>> I want to minimize interference with the database.
> Which database?

I use a MySQL database for storing some info.

>> Also, since this will be a commercial product, keeping most of the code in compiled Python scripts is meaningful.
> As Jens already explained, .pyc's and .pyo's can be decompiled in a matter of minutes, so you're getting nothing for this worry other than finding debugging a pain ;-)

Yes, I fully understand the disadvantages, but I have dealt with the debugging with some custom exception handling/tracing. And, believe me, I don't have illusions about the secrecy offered by compiled Python scripts. :-)
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> I am loading the ZODB in read-only mode. If someone breaks into Zope

What do you mean by this?

> (which btw I believe to be very secure)

Then why do you consider it a risk?

> I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.

Then put constraints in on your database, or make the whole connection read-only.

You're really buying nothing with all this other than wasting a lot of your time...

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
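As an added example that is not part of this thread and not Zope's or the poster's code: running code for the two suggestions made in the replies, a read-only connection and a restricted view, and for the distinction the thread keeps circling, an attacker retrieving records versus modifying them. Python's built-in sqlite3 stands in for the MySQL database (an assumption so the script runs offline; the table, view, account names and rows are constructed for the demonstration). sqlite has no GRANT, so the read-only property is placed on the connection itself via the URI mode=ro; on MySQL the equivalent is a dedicated account that is granted SELECT on the view only.

```python
"""Added example, not code from the original thread or from Zope: what a
read-only connection and a restricted view buy you if the web tier is
compromised, and what they do not.

Python's built-in sqlite3 stands in for MySQL (an assumption so the script
runs offline; table, view and rows are constructed).  sqlite has no GRANT,
so the read-only property is put on the connection itself (URI mode=ro);
on MySQL the same effect comes from a dedicated account that is granted
SELECT on the view only.
"""
import os
import sqlite3
import tempfile

DB_PATH = os.path.join(tempfile.mkdtemp(), "ro-demo.sqlite3")

# Constructed sample rows; the hash column is what the view must hide.
SAMPLE_ACCOUNTS = [
    ("alice", "/home/alice", "$6$constructed$hashA"),
    ("bob", "/home/bob", "$6$constructed$hashB"),
]


def create_database(path=DB_PATH):
    """Administrative setup, done once over a read/write connection."""
    conn = sqlite3.connect(path)
    with conn:  # commits on success
        conn.execute("CREATE TABLE IF NOT EXISTS accounts "
                     "(login TEXT PRIMARY KEY, home TEXT, pw_hash TEXT)")
        conn.executemany("INSERT OR REPLACE INTO accounts VALUES (?, ?, ?)",
                         SAMPLE_ACCOUNTS)
        # The only object the web tier is meant to query.
        conn.execute("CREATE VIEW IF NOT EXISTS accounts_public AS "
                     "SELECT login, home FROM accounts")
    conn.close()
    return path


def open_readwrite(path=DB_PATH):
    """The handle an administrative job uses."""
    return sqlite3.connect(path)


def open_readonly(path=DB_PATH):
    """The handle the web tier gets: SELECT works, every write is refused by
    the engine rather than by application code an attacker could bypass."""
    return sqlite3.connect("file:%s?mode=ro" % path, uri=True)


def public_accounts(conn):
    """What a caller holding this connection is meant to see."""
    return conn.execute(
        "SELECT login, home FROM accounts_public ORDER BY login").fetchall()


def try_change_home(conn, login, new_home):
    """Attempt the kind of write a compromised ZMI session would try.
    Returns True if it went through, False if the engine refused it."""
    try:
        with conn:
            conn.execute("UPDATE accounts SET home = ? WHERE login = ?",
                         (new_home, login))
        return True
    except sqlite3.OperationalError:
        # sqlite raises 'attempt to write a readonly database' here
        return False


def can_read_hashes(conn):
    """Read-only stops modification, not disclosure: without per-object
    grants the base table is still readable.  Returns True if it is."""
    try:
        conn.execute("SELECT pw_hash FROM accounts LIMIT 1").fetchall()
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    create_database()
    ro = open_readonly()
    print("view:", public_accounts(ro))
    print("write via read-only handle went through:",
          try_change_home(ro, "bob", "/root"))
    print("base table still readable:", can_read_hashes(ro))
```

The point of `can_read_hashes` is the caveat: a read-only handle protects integrity, not confidentiality. The poster's worry about an attacker being able to "retrieve/modify records" splits in two, and only the second half is closed by a read-only connection; closing the first half needs the database's own privilege system to expose nothing but the view, which on MySQL is a separate account with SELECT on the view and no rights on the base table.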
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Tino Wildenhain wrote:
>> The threading is handled by the ZDA, so you can use query() or what the method actually is.
> I couldn't find a method like that... any hints?

Have a look at the ZSQL methods code, I remember this being pretty old and convoluted :-(

>> Otoh, what do you think you gain from circumventing ZSQL Methods?
> Well, I am running Zope under root privileges in "read-only" mode.

What does this mean? What are you seeking to do or prevent?

> If there is a Zope break-in,

What does that mean?

> I want to minimize interference with the database.

Which database?

> Also, since this will be a commercial product, keeping most of the code in compiled Python scripts is meaningful.

As Jens already explained, .pyc's and .pyo's can be decompiled in a matter of minutes, so you're getting nothing for this worry other than finding debugging a pain ;-)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Dieter Maurer wrote:
> Vangelis Mihalopoulos wrote at 2005-10-19 12:22 +0300:
>> ...
>> I am thinking of using a Z Database Connection (mysql) from within an external method, without using Z SQL Methods, but can't figure out how I can "safely" do it
> Calling a "DA" object gives you a low level connection object (a "db" object). It has a "query" method. Calling it provides "safe" SQL execution.

Thanks, this is what I had in mind.

> From other posts, I understood that you want to do special things.

Yes, this is true.

> In such cases, reading the source is necessary

Yes, I know. But this would take me much more time than sending an email to the Zope list and getting quick help from experienced Zopistas, time that I unfortunately cannot afford. Of course, reviewing product code in other cases wasn't such a big overhead and I got my task done.

> -- and being prepared that things may change between releases...

Of course... :-)

> I follow the recommendation of others to use ZSQL methods...

I am loading the ZODB in read-only mode. If someone breaks into Zope (which btw I believe to be very secure) I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.

Thanks for your comments, helpful as always!
- Vangelis
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote at 2005-10-19 12:22 +0300:
> ...
> I am thinking of using a Z Database Connection (mysql) from within an
> external method, without using Z SQL Methods, but can't figure out how I
> can "safely" do it

Calling a "DA" object gives you a low level connection object (a "db" object). It has a "query" method. Calling it provides "safe" SQL execution.

From other posts, I understood that you want to do special things. In such cases, reading the source is necessary -- and being prepared that things may change between releases...

I follow the recommendation of others to use ZSQL methods...

--
Dieter
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Tino Wildenhain wrote:
>> The threading is handled by the ZDA, so you can use query() or what the method actually is.
> I couldn't find a method like that... any hints?

It is indeed the 'query' method, which you pass a string with SQL. It comes from Zope/lib/python/Shared/DC/ZRDB/dbi_db.py, inherited through a long path.

You might also look at ExtZSQLMethod. http://www.zope.org/Members/jccooper/extzsql

--jcc

--
"Building Websites with Plone"
http://plonebook.packtpub.com/
Enfold Systems, LLC
http://www.enfoldsystems.com
Re: [Zope] database connections from external method
>> Otoh, what do you think you gain from circumventing ZSQL Methods?
> Well, I am running Zope under root privileges in "read-only" mode. If there is a Zope break-in, I want to minimize interference with the database. Also, since this will be a commercial product, keeping most of the code in compiled Python scripts is meaningful.

Umh, no, it's not. Don't fool yourself thinking that delivering .pyc or .pyo files is in any way "meaningful" or safe or both. It's not. They can be decompiled, easily.

jens
Re: [Zope] database connections from external method
Tino Wildenhain wrote:
> The threading is handled by the ZDA, so you can use query() or what the method actually is.

I couldn't find a method like that... any hints?

> Otoh, what do you think you gain from circumventing ZSQL Methods?

Well, I am running Zope under root privileges in "read-only" mode. If there is a Zope break-in, I want to minimize interference with the database. Also, since this will be a commercial product, keeping most of the code in compiled Python scripts is meaningful.
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Hi,
> I want an external method to access a mysql database on each call. For now, I open up a new connection on every call, but this probably won't scale much either on performance (a new connection on each call is quite an overhead) or availability (the number of open connections is restricted).
> I am thinking of using a Z Database Connection (mysql) from within an external method, without using Z SQL Methods, but can't figure out how I can "safely" do it... It crossed my mind to take a peek at the Z SQL Method source, but I don't know if such an approach would be thread safe...

The threading is handled by the ZDA, so you can use query() or what the method actually is.

Otoh, what do you think you gain from circumventing ZSQL Methods?

Regards
Tino
[Zope] database connections from external method
Hi,

I want an external method to access a mysql database on each call. For now, I open up a new connection on every call, but this probably won't scale much either on performance (a new connection on each call is quite an overhead) or availability (the number of open connections is restricted).

I am thinking of using a Z Database Connection (mysql) from within an external method, without using Z SQL Methods, but can't figure out how I can "safely" do it... It crossed my mind to take a peek at the Z SQL Method source, but I don't know if such an approach would be thread safe...

Any thoughts?

Thanks,
Vangelis
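As an added example that is not part of this thread and not Zope's or the poster's code: the per-thread connection reuse that the replies say the ZDA does for you behind query(), written out so the scaling and the thread-safety questions of the post above can be checked directly. Python's built-in sqlite3 stands in for MySQL/ZMySQLDA (an assumption so it runs offline; the accounts table and its rows are constructed, and the function names are this example's own). It also contrasts a parameterised lookup with the same query built by string formatting, since "safely" covers both concerns.

```python
"""Added example, not code from the original thread or from Zope: one
reusable database connection per worker thread, with parameterised queries.

Zope's database adapters keep a connection per worker thread for you; the
original poster was opening a fresh MySQL connection on every call of an
external method.  This stand-alone script shows the per-thread pattern
with Python's built-in sqlite3 standing in for MySQL/ZMySQLDA (an
assumption made so it runs offline; the table and rows are constructed).
"""
import os
import sqlite3
import tempfile
import threading

DB_PATH = os.path.join(tempfile.mkdtemp(), "demo.sqlite3")

# Constructed sample rows standing in for the product's MySQL table.
SAMPLE_ROWS = [
    ("alice", "/home/alice", 1),
    ("bob", "/home/bob", 0),
]

_local = threading.local()   # holds this thread's connection, if any
_stats_lock = threading.Lock()
_connections_opened = 0      # real connections opened so far (all threads)


def _setup_database():
    """One-off administrative setup: create the table and load sample rows."""
    conn = sqlite3.connect(DB_PATH)
    with conn:  # commits on success
        conn.execute("CREATE TABLE IF NOT EXISTS accounts "
                     "(login TEXT PRIMARY KEY, home TEXT, admin INTEGER)")
        conn.executemany("INSERT OR REPLACE INTO accounts VALUES (?, ?, ?)",
                         SAMPLE_ROWS)
    conn.close()


_setup_database()


def get_connection():
    """Return the calling thread's connection, opening it on first use.

    Each worker thread ends up with exactly one connection that survives
    across calls, which is what a Zope DA does behind query()."""
    global _connections_opened
    conn = getattr(_local, "conn", None)
    if conn is None:
        conn = sqlite3.connect(DB_PATH)
        _local.conn = conn
        with _stats_lock:
            _connections_opened += 1
    return conn


def close_connection():
    """Release the calling thread's connection (call when the thread exits)."""
    conn = getattr(_local, "conn", None)
    if conn is not None:
        conn.close()
        _local.conn = None


def connections_opened():
    """Total number of real connections opened across all threads."""
    with _stats_lock:
        return _connections_opened


def lookup_account(login):
    """External-method style lookup.  The caller-supplied value is bound as
    a parameter, never pasted into the SQL text."""
    cur = get_connection().execute(
        "SELECT login, home, admin FROM accounts WHERE login = ?", (login,))
    return cur.fetchall()


def lookup_account_unsafe(login):
    """The same query built by string formatting, kept only as the contrast:
    a crafted login changes the query instead of matching a row."""
    sql = "SELECT login, home, admin FROM accounts WHERE login = '%s'" % login
    return get_connection().execute(sql).fetchall()


def run_workers(n_threads, calls_per_thread):
    """Run n_threads workers, each doing calls_per_thread lookups; return
    (connections opened during the run, list of every result set)."""
    before = connections_opened()
    results = []
    results_lock = threading.Lock()

    def worker():
        try:
            for _ in range(calls_per_thread):
                rows = lookup_account("alice")
                with results_lock:
                    results.append(rows)
        finally:
            close_connection()  # one connection per thread, released on exit

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return connections_opened() - before, results


if __name__ == "__main__":
    opened, results = run_workers(4, 10)
    print("%d lookups used %d connections" % (len(results), opened))
    print("parameterised:", lookup_account("x' OR '1'='1"))
    print("string-built: ", lookup_account_unsafe("x' OR '1'='1"))
```

Forty lookups across four threads open four connections, one per thread, and no connection is ever touched from two threads, which is the thread-safety property the post asks about. The two lookup functions differ only in how the login reaches the SQL: the parameterised one returns nothing for a crafted login, the string-built one returns every row.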
Re: [Zope] database connections in a multi-Zope zeo environment
Dennis Allison wrote at 2005-8-14 14:11 -0700:
> ...
> 1. When I open a database connection with the connection string
>
> -u dbroot -h localhost -passwd mypassword
>
> what machine is accessed? I'm presuming localhost is always the local
> machine. Is that correct?

If not, the name "localhost" would be an extremely bad choice: you (or more likely your system administrator) are free to map the name "localhost" to whatever IP address you like. But if you decide to map it to anything different from your local host, you deserve the confusion you will get.

> 2. How do I open a remote database connection so it works transparently
> across multiple instances of Zope? The Zope code, shared across
> instances, uses a single connection with a connection string like
>
> -u dbroot -h 192.168.0.3 -passwd somepassword

Why do you ask us? These questions concern the meaning of MySQL connection strings and have nothing to do with Zope.

I assume that the options in these connection strings were well chosen: then "-h" means "host". This would mean the connection described by the above string is to host "192.168.0.3" (it usually is better to use names rather than IP addresses).

> Presumably each of the remote machines (and the database server if it
> runs Zope) needs an entry in the grant table.

Yes, if it is necessary that MySQL grants access.

> And all the database
> connections need to share the same password. Right?

If they use the same object (in the same ZEO), then the connection string is identical across all ZEO clients. If they use different objects, the connection strings can vary.

> 3. Since queries are bound to their connection, there appears to be no
> easy way to manage connections in a simple way programmatically.

What? What has the management of connections (which Zope does automatically for you) to do with the binding of queries to connections?

--
Dieter
[Zope] database connections in a multi-Zope zeo environment
I am sure this is a synaptic disconnect, but I can't seem to get my head around this one.

I have remote Zopes (call them "A", "B", "C") and a database server ("D"). I also have a bunch of mysql databases. All of the machines run mysql. All the Zope instances share the same Data.fs connected via ZEO. The two cases of interest are how to access a local database, that is, one on the same machine as the running Zope, and how to access a remote mysql database.

ZMYSQLDA provides a static binding to connections. MySQL grants access privileges based on source IP address.

So, here are my questions:

1. When I open a database connection with the connection string

-u dbroot -h localhost -passwd mypassword

what machine is accessed? I'm presuming localhost is always the local machine. Is that correct?

2. How do I open a remote database connection so it works transparently across multiple instances of Zope? The Zope code, shared across instances, uses a single connection with a connection string like

-u dbroot -h 192.168.0.3 -passwd somepassword

Presumably each of the remote machines (and the database server if it runs Zope) needs an entry in the grant table. And all the database connections need to share the same password. Right?

3. Since queries are bound to their connection, there appears to be no easy way to manage connections in a simple way programmatically.

Any help/comments much appreciated.
Re: [Zope] Database Connections
There is probably a (real) RDB connection per Zope thread times the number of database connection objects that are in use in your ZODB. Or something equally baffling. ;-)

- C

On Wed, 2005-08-10 at 16:41 -0400, Asad Habib wrote:
> Has anyone had problems with Zope hanging on to database connections? I am
> using MySQL with Zope and when I last checked there were 25 connections
> (both active and sleeping connections included). I only have 5
> Zope database objects so I don't know how so many connections were
> created. Any help would be greatly appreciated. Thanks.
>
> - Asad
[Zope] Database Connections
Has anyone had problems with Zope hanging on to database connections? I am using MySQL with Zope and when I last checked there were 25 connections (both active and sleeping connections included). I only have 5 Zope database objects so I don't know how so many connections were created. Any help would be greatly appreciated. Thanks.

- Asad