The Browser Plugin and Safe-Tcl

There are two ways of executing Tcl files obtained from other computers:
with the Tcl interpreter and with the browser plugin. With the first method,
you use some standard technique for obtaining the file containing the Tcl or
Tk script. With the second, your browser downloads the script which is
provided by some Web server. Such scripts are called

Why accept scripts from other computers? One reason is to extend the capabilities of your Web browser. Another is to give more flexibility to your information systems.

Here is a hypothetical example. A company sends out a sales team armed with laptops. These laptops contain complicated information about products, availability, and possible configurations of products. The information in these laptops is updated nightly via a modem. Rather than reload the entire database, the updating is controlled by an ad hoc, downloaded script on the client. Using ad hoc downloaded scripts permits the salespersons' laptops to be updated in quite different ways from day to day.

This hypothetical company has many branch offices whose managers extract reports daily from the home office. These reports depend on information in a formal database and other places. This information is made available in a custom Tcl interpreter running on a central computer that will execute report-generating scripts uploaded from the branch offices. This interpreter provides commands that are normally not considered interpreter commands and lacks commands that are normally available in a Tcl interpreter. The effect is to support the report-generating scripts without permitting these scripts to access inappropriate information or to access appropriate information in an inappropriate way.

A few branch offices have a programmer capable of maintaining the daily report-generating script. Others make use of a programmer from the central office who travels from branch to branch. Both approaches are treated the same way: the script is kept and maintained in the branch and uploaded to the central office when a report is to be generated. This method gives branch managers flexible control over their daily reports. This control includes the ability to use a locally hired programmer if desired.

The potential privacy and integrity problems that you might expect to arise when inexperienced programmers upload scripts to central servers are minimized by executing those scripts in a constrained Tcl interpreter that does not permit database alterations or arbitrary snooping.

In a customized Tcl/Tk interpreter, some commands may be completely missing, others may be limited in their power, and yet others may be specialized ways of accomplishing specialized tasks. Whether you are extending the powers of a Web browser, communicating with a salesperson's laptop, or generating custom reports from a company server, the use of a customized interpreter can help to protect the integrity and privacy of your data as well as to provide script writers with powerful, specialized tools.

This chapter explains Safe-Tcl, a mechanism for creating such customized interpreters. The chapter also describes a plugin for popular Web browsers which is built upon the Safe-Tcl mechanism. The plugin has its own security mechanism which is quite flexible and which is accessible to system administrators who have scant knowledge of Tcl. To aid system administrators, I have written the first two sections of this chapter in a way that does not require knowledge of earlier material in this book. In the Tcl literature the words

Before using any of the techniques of this chapter, you need to determine both your security goals and your operational goals. After that, you can plan to adopt a set of security policies which permit the operational goals to be achieved without breaching the security goals. If this planning step seems impossible, you may have to change some of your goals.
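The branch-office scenario above, with its missing, limited, and specialized commands, can be sketched with the standard `interp` command. This is an added example, not code from the book; the procedure names `report_stock`, `report_emit`, and `run_report`, the `stock` and `emit` aliases, and the inventory data are hypothetical.

```tcl
# Constructed sample data standing in for the central database (assumption).
array set inventory {widget 120 gadget 0 sprocket 45}

# Specialized command: a read-only lookup that runs in the trusted interpreter.
proc report_stock {item} {
    global inventory
    if {![info exists inventory($item)]} {
        error "unknown item: $item"
    }
    return $inventory($item)
}

# Limited command: output goes only to a size-capped buffer, never to a file.
proc report_emit {line} {
    global reportLines
    if {[llength $reportLines] >= 100} {
        error "report too long"
    }
    lappend reportLines [string range $line 0 199]
    return
}

# Run one uploaded script in a fresh safe interpreter and discard it afterwards.
proc run_report {script} {
    global reportLines
    set reportLines {}
    set child [interp create -safe]   ;# open, exec, file, socket, ... are hidden
    interp alias $child stock {} report_stock
    interp alias $child emit  {} report_emit
    set failed [catch {interp eval $child $script} msg]
    interp delete $child
    if {$failed} {
        return [list rejected $msg]
    }
    return [list ok $reportLines]
}

# Constructed uploads: a well-behaved report and one that tries to write a file.
set goodScript {
    foreach item {widget gadget sprocket} {
        emit "$item: [stock $item]"
    }
    set inventory(widget) 0   ;# only sets a variable inside the child
}
set badScript {set f [open inventory.db w]}

puts [run_report $goodScript]
puts [run_report $badScript]
puts "widget stock in trusted interpreter: $inventory(widget)"
```

The second upload is rejected because `open` is not available in a safe interpreter, and the assignment in the first upload leaves the trusted interpreter's `inventory` array unchanged, since the child has its own variables.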