Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
>>> Well, I am running zope under root privileges in read-only mode.
>> What does this mean?
> I am opening the ZODB in read-only, using the appropriate parameter in the conf file.

How odd, do you do that with your relational database too?

>> What are you seeking to do or prevent?
> I want a number of external methods to run with root privileges for performing specific tasks (older thread, "root privileges required", 27/7/2004).

>>> If there is a Zope break-in,
>> What does that mean?
> I think of it as a break-in in the ZMI.

You are lacking sanity to worry about any of the stuff in the above chunk in the way that you are...

cheers,

Chris

--
Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk

___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> I don't really. But when I present my security assessment report saying "Zope has never had a compromising security issue", I'll get the (expected) answer "Sooner or later, everything gets broken", and I will have to additionally demonstrate why compromising Zope (in terms of accessing the ZMI) will have minimum effect on the overall system operation.

This is a totally lame argument. Go home, unplug all your electrical devices, and never switch them back on. That's the only way you'll get the security you're asking for. Seriously, just get over it...

> I really hope I don't! :-)
> As Dieter said, my application is not a conventional Zope application. I could say that, for this project, I am using Zope:
> - as a much safer alternative to CGI
> - for its templating machinery
> - because it is built on Python and the project is based on Python
> - I like Zope :-)

You should take a look at Zope 3.

Chris

--
Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> - A Zope security hole comes up, which gives you all permissions within Zope.

Yeah, so you patch Zope pronto. What you're doing doesn't really mitigate anything.

Do you worry about SSH vulnerabilities? What are you doing to mitigate them? Mounting all your file systems as read only?

sheesh,

Chris

--
Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Chris Withers wrote:
> Have a look at the ZSQL methods code, I remember this being pretty old and convoluted :-(

Ok, thanks! I'll take a look.

>> Well, I am running zope under root privileges in read-only mode.
> What does this mean?

I am opening the ZODB in read-only, using the appropriate parameter in the conf file.

> What are you seeking to do or prevent?

I want a number of external methods to run with root privileges for performing specific tasks (older thread, "root privileges required", 27/7/2004).

>> If there is a Zope break-in,
> What does that mean?

I think of it as a break-in in the ZMI.

>> I want to minimize interference with the database.
> Which database?

I use a MySQL database for storing some info.

>> Also, since this will be a commercial product, keeping most of the code in compiled python scripts is meaningful.
> As Jens already explained, .pyc's and .pyo's can be decompiled in a matter of minutes, so you're getting nothing for this worry other than finding debugging a pain ;-)

Yes, I fully understand the disadvantages, but I have dealt with the debugging with some custom exception handling/tracing. And, believe me, I don't have illusions about the secrecy offered by compiled python scripts. :-)
Re: [Zope] database connections from external method
Chris Withers wrote:
> Vangelis Mihalopoulos wrote:
[zope - ]
>> (which btw I believe to be very secure)
> Then why do you consider it a risk?

I don't really. But when I present my security assessment report saying "Zope has never had a compromising security issue", I'll get the (expected) answer "Sooner or later, everything gets broken", and I will have to additionally demonstrate why compromising Zope (in terms of accessing the ZMI) will have minimum effect on the overall system operation.

>> I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.
> Then put constraints in on your database, or make the whole connection read-only.

I want to have full access rights on the database through the external methods.

> You're really buying nothing with all this other than wasting a lot of your time...

I really hope I don't! :-)
As Dieter said, my application is not a conventional Zope application. I could say that, for this project, I am using Zope:
- as a much safer alternative to CGI
- for its templating machinery
- because it is built on Python and the project is based on Python
- I like Zope :-)

Thanks for your comments!
Vangelis
Re: [Zope] database connections from external method
...
>>> I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.
>> Then put constraints in on your database, or make the whole connection read-only.
> I want to have full access rights on the database through the external methods.

Usually you don't want that. Sane security constraints on the database save you a lot of mistakes if done right. You can also use views and stored functions to further tighten your security. Badly done external methods are more likely to open security holes.

>> You're really buying nothing with all this other than wasting a lot of your time...
> I really hope I don't! :-)
> As Dieter said, my application is not a conventional Zope application.

What is it instead? :)

> I could say that, for this project, I am using Zope:
> - as a much safer alternative to CGI

but not if compromised :)

> - for its templating machinery
> - because it is built on Python and the project is based on Python
> - I like Zope :-)

Greets
Tino
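The privilege split Tino sketches above (constraints on the database side, a view, a stored routine), written out for MySQL as an added example that is not part of the thread. The schema, table, view, routine and account names and the passwords are placeholders; the web tier and the database are assumed to run on the same host, matching the `-h localhost` connection strings quoted elsewhere in this archive.

```sql
-- Added example, not from the thread: least-privilege accounts for the
-- Zope-facing database connection versus the privileged external method.
-- All names and passwords below are placeholders.

-- Weak setting, as in connection strings seen elsewhere in this archive:
--   -u dbroot -h localhost -passwd mypassword
-- Every Z Database Connection object built on it carries dbroot's full
-- rights, so a Z SQL Method created after a ZMI compromise inherits them.

CREATE DATABASE IF NOT EXISTS appdb;
USE appdb;

CREATE TABLE IF NOT EXISTS accounts (
    id       INT          NOT NULL PRIMARY KEY,
    login    VARCHAR(64)  NOT NULL,
    pw_hash  CHAR(60)     NOT NULL,   -- the templates never need this column
    quota_mb INT          NOT NULL DEFAULT 100
);

-- The view exposes only what the Zope-side templates read.
CREATE OR REPLACE VIEW accounts_public AS
    SELECT id, login, quota_mb FROM accounts;

-- The one sanctioned write, with its range check inside the routine.
-- SQL SECURITY DEFINER runs it with the definer's rights, so the caller
-- needs no privilege on the accounts table itself.
DELIMITER //
CREATE PROCEDURE set_quota(IN p_id INT, IN p_quota INT)
    SQL SECURITY DEFINER
BEGIN
    -- Out-of-range values update nothing; the policy lives here, not in the caller.
    UPDATE accounts SET quota_mb = p_quota
     WHERE id = p_id AND p_quota BETWEEN 0 AND 10240;
END //
DELIMITER ;

-- Account for the Z Database Connection object stored in the ZODB:
-- SELECT on the view and EXECUTE on the routine, nothing else. Someone
-- writing Z SQL Methods against this connection after a break-in can read
-- three columns and change one bounded field.
CREATE USER 'zope_ro'@'localhost' IDENTIFIED BY 'CHANGE-ME-ro';
GRANT SELECT  ON appdb.accounts_public     TO 'zope_ro'@'localhost';
GRANT EXECUTE ON PROCEDURE appdb.set_quota TO 'zope_ro'@'localhost';

-- Account for the privileged external method running outside the Zope
-- sandbox: DML on the base table only, no DDL, no GRANT OPTION, and
-- still not dbroot.
CREATE USER 'zope_admin'@'localhost' IDENTIFIED BY 'CHANGE-ME-admin';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.accounts TO 'zope_admin'@'localhost';

-- Check: the web-tier account must list no privilege on appdb.accounts.
SHOW GRANTS FOR 'zope_ro'@'localhost';
```

Run the file as an administrative MySQL user; that user becomes the definer of `set_quota` and therefore needs UPDATE on `accounts` itself.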
Re: [Zope] database connections from external method
Tino Wildenhain wrote:
>> I want to have full access rights on the database through the external methods.
> Usually you don't want that.

Yes, usually I don't.

> Sane security constraints on the database save you a lot of mistakes if done right. You can also use views and stored functions to further tighten your security.

Really, this reasoning may apply on regular projects. For my case, let me explain:
- Say, you want to read/write a DB through Zope.
- You have a read-only ZODB, so you cannot change anything.
- The user-folder is based on an external authentication mechanism.
- A Zope security hole comes up, which gives you all permissions within Zope.
- You want to minimize the casualties of this attack.

I think database constraints are not applicable for this scenario. Also, I don't want any application logic within the database, so stored procedures are not an option either.

I believe that using ZSQL methods for this setup will/might allow an attacker to:
- retrieve information about the database (schema-wise) [ - not so important ]
- retrieve/modify records [ - much more important ]

I (maybe falsely) think of Zope as a sandbox environment. I cannot operate as root within this sandbox, so I need external methods. Why not move all my non-restricting/privileged actions outside this sandbox, so that if someone breaks into the sandbox I might stand a better chance to keep him there for a while longer? Following this reasoning, I created a single external method [a true SPOF :-) ] which does all the dirty work.

> Badly done external methods are more likely to open security holes.

Of course! I trust the Zope developers to be much more of a coder than me! :-)

>> I really hope I don't! :-)
>> As Dieter said, my application is not a conventional Zope application.
> What is it instead? :)

Got you intrigued huh?? :-) It is a webmin/usermin-like suite for Linux. The approach is quite different, both commercially and architecturally. I am pretty sure it is probably the most unconventional use of Zope up to now. :-)

>> I could say that, for this project, I am using Zope:
>> - as a much safer alternative to CGI
> but not if compromised :)

Indeed!!
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Tino Wildenhain wrote:
>> The threading is handled by the ZDA, so you can use query() or what the method actually is.
> I couldn't find a method like that... any hints?

Have a look at the ZSQL methods code, I remember this being pretty old and convoluted :-(

>> Otoh, what do you think you gain from circumventing ZSQL Methods?
> Well, I am running zope under root privileges in read-only mode.

What does this mean?
What are you seeking to do or prevent?

> If there is a Zope break-in,

What does that mean?

> I want to minimize interference with the database.

Which database?

> Also, since this will be a commercial product, keeping most of the code in compiled python scripts is meaningful.

As Jens already explained, .pyc's and .pyo's can be decompiled in a matter of minutes, so you're getting nothing for this worry other than finding debugging a pain ;-)

cheers,

Chris

--
Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> I am loading the zodb in read-only mode. If someone breaks into Zope

What do you mean by this?

> (which btw I believe to be very secure)

Then why do you consider it a risk?

> I don't want him to be able to directly access (read/write) the database I am using. *AFAIK*, ZSQLMethods won't do for this.

Then put constraints in on your database, or make the whole connection read-only.

You're really buying nothing with all this other than wasting a lot of your time...

Chris

--
Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Hi,
> I want an external method to access a mysql database on each call. For now, I open up a new connection on every call, but this probably won't scale much either on performance (a new connection on each call is quite an overhead) or availability (the number of open connections is restricted).
> I am thinking of using a Z Database Connection (mysql) from within an external method, without using Z SQL Methods, but can't figure out how I can safely do it... It crossed my mind to take a peek at the Z SQL Method source, but I don't know if such an approach would be thread safe...

The threading is handled by the ZDA, so you can use query() or what the method actually is. Otoh, what do you think you gain from circumventing ZSQL Methods?

Regards
Tino
Re: [Zope] database connections from external method
Tino Wildenhain wrote:
> The threading is handled by the ZDA, so you can use query() or what the method actually is.

I couldn't find a method like that... any hints?

> Otoh, what do you think you gain from circumventing ZSQL Methods?

Well, I am running zope under root privileges in read-only mode. If there is a Zope break-in, I want to minimize interference with the database. Also, since this will be a commercial product, keeping most of the code in compiled python scripts is meaningful.
Re: [Zope] database connections from external method
>> Otoh, what do you think you gain from circumventing ZSQL Methods?
> Well, I am running zope under root privileges in read-only mode. If there is a Zope break-in, I want to minimize interference with the database. Also, since this will be a commercial product, keeping most of the code in compiled python scripts is meaningful.

Umh, no, it's not. Don't fool yourself thinking that delivering .pyc or .pyo files is in any way meaningful or safe or both. It's not. They can be decompiled, easily.

jens
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote:
> Tino Wildenhain wrote:
>> The threading is handled by the ZDA, so you can use query() or what the method actually is.
> I couldn't find a method like that... any hints?

It is indeed the 'query' method, which you pass a string with SQL. It comes from Zope/lib/python/Shared/DC/ZRDB/dbi_db.py, inherited through a long path.

You might also look at ExtZSQLMethod.
http://www.zope.org/Members/jccooper/extzsql

--jcc

--
Building Websites with Plone
http://plonebook.packtpub.com/

Enfold Systems, LLC
http://www.enfoldsystems.com
Re: [Zope] database connections from external method
Vangelis Mihalopoulos wrote at 2005-10-19 12:22 +0300:
> ...
> I am thinking of using a Z Database Connection (mysql) from within an external method, without using Z SQL Methods, but can't figure out how I can safely do it

Calling a DA object gives you a low level connection object (a db object). It has a query method. Calling it provides safe SQL execution.

From other posts, I understood that you want to do special things. In such cases, reading the source is necessary -- and being prepared that things may change between releases...

I follow the recommendation of others to use ZSQL methods...

--
Dieter
Re: [Zope] database connections in a multi-Zope zeo environment
Dennis Allison wrote at 2005-8-14 14:11 -0700:
> ...
> 1. When I open a database connection with the connection string
>    -u dbroot -h localhost -passwd mypassword
> what machine is accessed? I'm presuming localhost is always the local machine. Is that correct?

If not, the name localhost would be an extremely bad choice: You (or more likely your system administrator) are free to map the name localhost to whatever IP address you like. But, if you decide to map it to anything different than your local host, you are worth the confusion you will get.

> 2. How do I open a remote database connection so it works transparently across multiple instances of Zope?
> The Zope code, shared across instances, uses a single connection with a connection string like
>    -u dbroot -h 192.168.0.3 -passwd somepassword

Why do you ask us? These questions concern the meaning of MySQL connection strings and have nothing to do with Zope.

I assume that the options in these connection strings were well chosen: then -h means host. This would mean the connection described by the above string is to host 192.168.0.3 (it usually is better to use names rather than IP addresses).

> Presumably each of the remote machines (and the database server if it runs Zope) needs an entry in the grant table.

Yes, if that is necessary that MySQL grants access.

> And all the database connections need to share the same password. Right?

If they use the same object (in the same ZEO), then the connection string is identical across all ZEO clients. If they use different objects, the connection strings can vary.

> 3. Since queries are bound to their connection, there appears to be no easy way to manage connections in a simple way programmatically.

What? What does the management of connections (which Zope does automatically for you) have to do with the binding of queries to connections?

--
Dieter
Re: [Zope] Database Connections
There is probably a (real) RDB connection per Zope thread times the number of database connection objects that are in use in your ZODB. Or something equally baffling. ;-)

- C

On Wed, 2005-08-10 at 16:41 -0400, Asad Habib wrote:
> Has anyone had problems with Zope hanging on to database connections? I am using MySQL with Zope and when I last checked there were 25 connections (both active and sleeping connections included). I only have 5 Zope database objects so I don't know how so many connections were created. Any help would be greatly appreciated. Thanks.
>
> - Asad