- NAME
- home - The home security policy.
- SYNOPSIS
- policy home
- DESCRIPTION
- FEATURES
- CONFIGURATION
- features
- urls
- frames
- hosts ports
- persist
- SEE ALSO
- KEYWORDS
home - The home security policy.
policy home
The home security policy installs features into a Safe-Tcl
interpreter that allow a Tclet to connect to resources on the host from
which it was loaded, its home host.
The intent of this policy is to restrict access only to resources on the
host from which the Tclet was loaded, irrespective of whether this host is
inside or outside your site's firewall.
The FEATURES section describes the features installed by the
home policy.
The CONFIGURATION section discusses how to enable or disable use of
this policy by Tclets and the resources controlled by the policy's
configuration.
Security issues are discussed in the manual page for each feature that is
enabled by this policy.
The home policy enables the persist, url and
network features.
For a discussion of these features, see their manual pages.
The policies section of the application's master configuration
controls whether Tclets hosted by the application can use this policy.
If it is not allowed by this section, Tclets are unable to use this policy
when hosted in the application.
For the Tcl plugin, the home policy is enabled by default.
Edit the plugin.cfg file in the ::cfg::configDir directory to
modify this setting.
The config manual page describes configuration management and the
syntax of configurations.
The home policy uses a configuration stored in the home.cfg
file in the directory ::cfg::configDir.
The configuration has these sections:
- features
-
This section allows the network, persist and url features
to be installed in a Tclet.
- urls
-
This section allows access only to URLs for resources that reside on the
host from which the Tclet was loaded.
It uses the Tclet originHomeDirURL attribute to restrict access only
to URLs that reside in the same directory as the file storing the Tclet's
source code.
Edit this section if you want to allow access to other URLs for resources
on the home host; the Tclet attributes originHost and originURL
may be useful in defining exactly the access you want.
Note that the default setting ensures privacy for Tclets that are loaded
from a shared host, such as from web sites managed by an Internet Service
Provicer where many users store resources on the same host accessible via
URLs.
- frames
-
This section allows by default any frame for
the displayURL command family except the empty frame (which is special).
- hosts ports
-
This section allows access via sockets only to services executing on the
host from which the Tclet was loaded.
It uses the Tclet originSocketHost attribute to restrict access.
- persist
-
This section, if present, defines constants that control resource
consumption by the persist feature when used in this policy.
If the section is absent, the default settings are used.
plugin, safe, policy, config, url, persist, network
Safe-Tcl, access, policy, feature, network, URL, socket, persistent local
storage