*This project is no longer actively maintained. If you'd like to become the maintainer, please let us know.* ZeroDB is an end-to-end encrypted database. Data can be stored and queried on untrusted database servers without ever exposing the encryption key. Clients can execute remote queries against the encrypted data without downloading all of it or suffering an excessive performance hit.
ZODB on which we base uses Python pickles which are known to be insecure in terms of arbitrary code execution (and jsonpickle doesn't help). We could be affected by this problem if multiple users are allowed to write to the same database and one of them is compromised.
We will switch to some other object serialization for now, but according to @jimfulton, a quick workaround exists:
This bit is a bit overblown since this can be locked down, which ZODB does some. There's a storage implementation somewhere that allows you to specify a globals whitelist.
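As an added illustration (example code written for this page, not ZeroDB or ZODB code), the block below shows both halves of the issue: a pickle whose loading calls an attacker-chosen callable with the stock `pickle.loads`, and a `pickle.Unpickler` subclass whose `find_class` enforces a globals whitelist, which is the mechanism the workaround above refers to and the approach the Python `pickle` documentation describes under "Restricting Globals". The `Record` class, the `MaliciousPayload` class and the whitelist contents are assumptions made for the demo; the payload's expression is deliberately harmless.

```python
"""Untrusted pickles versus a find_class whitelist.

Added example for illustration; not part of ZeroDB or ZODB. The Record class,
the MaliciousPayload class and the whitelist are assumptions made for the demo.
"""
import io
import pickle


class Record:
    """Benign application object we legitimately want to store and load."""

    def __init__(self, owner, balance):
        self.owner = owner
        self.balance = balance


class MaliciousPayload:
    """Constructed attacker object. Its pickled form does not contain this
    class at all: __reduce__ tells pickle to emit builtins.eval plus a string
    argument, so whoever unpickles it runs the expression. The expression is
    harmless here on purpose; a real attacker would reach for os.system."""

    EXPR = "'code executed in process ' + str(__import__('os').getpid())"

    def __reduce__(self):
        return (eval, (self.EXPR,))


def make_payload():
    """Bytes a compromised writer could place into a shared database."""
    return pickle.dumps(MaliciousPayload(), protocol=pickle.HIGHEST_PROTOCOL)


def make_benign():
    """Bytes a well-behaved writer would produce for a Record."""
    return pickle.dumps(Record("alice", 100), protocol=pickle.HIGHEST_PROTOCOL)


class WhitelistUnpickler(pickle.Unpickler):
    """Only resolve (module, name) pairs that are explicitly allowed.

    Built-in containers (dict, list, str, int, ...) are encoded with dedicated
    opcodes and never pass through find_class, so they need no entry. Do not
    whitelist generic reflection helpers such as builtins.getattr or
    builtins.__import__: a reduce chain can use them to reach anything."""

    ALLOWED = frozenset({
        (Record.__module__, Record.__qualname__),
    })

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global {module}.{name} is not whitelisted")


def loads_unrestricted(data):
    """What ZODB-style storage does today: trust the pickle completely."""
    return pickle.loads(data)


def loads_restricted(data):
    """Load through the whitelist instead of the stock loader."""
    return WhitelistUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data):
    """True if the whitelisted loader refuses the given bytes."""
    try:
        loads_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    # Stock loader: the attacker's expression runs and its result comes back.
    print(loads_unrestricted(make_payload()))
    # Whitelisted loader: builtins.eval is refused before anything executes.
    print("payload rejected:", restricted_rejects(make_payload()))
    rec = loads_restricted(make_benign())
    print("benign record loaded:", rec.owner, rec.balance)
```

The whitelist only decides which globals may be resolved; it does not inspect what the allowed classes do on load (`__setstate__`, `__reduce__` of whitelisted types), so every entry in `ALLOWED` should be a class whose unpickling side effects you have reviewed.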