⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 211.html

📁 Tcl 语言的入门级图书
💻 HTML
📖 第 1 页 / 共 2 页
字号:
🔍
12 
to see the value of one of <TT>originURL</TT>, <TT>originHomeDirURL</TT>, or
any other variable described in <TT>plugin.cfg</TT>.
<P>
<A HREF="21.6.html#Sol21.1a" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.6.html#Sol21.1a">Solution</A></DL>


<P> <STRONG>Remarks</STRONG> <OL>
<P><LI> You need to use <TT>getattr</TT> instead
of normal Tcl variable substitution because these variables are not freely
available in the interpreter that runs the tclet.  These belong to the master
interpreter that processes the configuration files.  
<P><LI> Before writing patterns for <TT>allow</TT> and
<TT>disallow</TT>, you should look at some values of <TT>originURL</TT> with the
method described in Exercise 21.1a.  You will notice that the port number
<TT>:80</TT> is always part of the URL.  You will probably notice that the domain
name is always in lowercase letters.  These are things you must keep in
mind when writing patterns for your installation.
</OL>

<P> <P><A NAME="21.1b">
<STRONG>Exercise 21.1b</STRONG> </A><DL><DD>
  Which of the following URLs,

<PRE>
http://www.MapFree.com/sbf/tcl/book/canvas.tcl
http://sunscript.sun.com/plugin/v2/share.html
</PRE>

are accepted by the following section?

<PRE>
section urls
allow http://www.mapfree.com/*
allow http://sunscript.sun.com/*
disallow http://sunscript.sun.com/plugin/*
</PRE>
<P>
<A HREF="21.6.html#Sol21.1b" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.6.html#Sol21.1b">Solution</A></DL>


<P>  There is a way in which string matching does not follow the glob style.
Numeric strings matched with a pattern such as <TT>&#62;10</TT> or <TT>&#60;=90</TT> must be
numbers that satisfy the given inequality for a match to occur.

<P> <P><A NAME="21.1c">
<STRONG>Exercise 21.1c</STRONG> </A><DL><DD>
 Which of the following string pairs,

<PRE>
sunscript.sun.com 3
mapfree.com 3
sunscript.sun.com 2001
mapfree.com 2001
</PRE>

are accepted by this section?

<PRE>
section hosts ports
allow * &#62;0
disallow mapfree.com *
disallow * &#60;1024
</PRE>
<P>
<A HREF="21.6.html#Sol21.1c" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.6.html#Sol21.1c">Solution</A></DL>



<A NAME="thrzngtclt">
<H3>Authorizing a Tclet</H3></A>

<P>  
<P>  Currently, the verification that a tclet may operate under a particular
security policy depends on the URL that was used to fetch the tclet.
Authorizations are made in <TT>plugin.cfg</TT> in the enabling statement that
allows a particular policy to be used.  The following two statements appear in
the policies section of <TT>plugin.cfg</TT> as shipped.

<PRE>
allow home
allow javascript ifallowed trustedJavascriptURLs $originURL
</PRE>

The first accepts the policy named "home" for any URL.  The second
needs more explanation.

<P> You know from the previous section that an enabling statement will have at
least as many arguments as given to the governing <TT>section</TT> statement.
Sometimes there can be more arguments than specified by the <TT>section</TT>
statement.  The most important way for this to happen is for the first additional
argument to be <TT>ifallowed</TT>. 

<P> The enabling statements just shown appear in a policies section so one
argument is expected for them.  The use of <TT>ifallowed</TT> above declares that
a match with the <TT>javascript</TT> pattern is not acceptable unless the string
contained in <TT>originURL</TT> meets the criteria declared in the section named
<TT>trustedJavascriptURLs</TT>.  A section of this name is included in
<TT>plugin.cfg</TT> for the sole purpose of defining the URLs of those tclets
which may run under the javascript policy.  It looks like this:

<PRE>
section trustedJavascriptURLs
  allow http://sunscript.sun.com:80/plugin/javascript/*
</PRE>

You can edit <TT>plugin.cfg</TT> and change the enabling statement(s) in this
section so that they define exactly those URLs which you wish to have
access to the javascript policy on your machine.

<P>  The default <TT>plugin.cfg</TT> has no additional section for the home policy
because this policy is permitted for any tclet.  If you wanted to change that
you would define a new section that would accept tclets for the home policy.
If the new section is declared with <TT>section trustedHomeURLs</TT>, you would
change <TT>allow home</TT> to

<PRE>
allow home ifallowed trustedHomeURLs $originURL
</PRE>

<P>  
<P>  The inside, outside, and trusted policies, by default, are not permitted for
any tclets and so they also lack sections defining which URLs may be used to
download tclets for them.  To change that you would create those sections and
change the appropriate <TT>disallow</TT> statement to a suitable <TT>allow</TT>
statement.  Do not enable the inside or outside policies without first reading below
in 
<A HREF="21.2.html" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.2.html">Combining Features into Policies</A>.

<P><A NAME="21.1d">
<STRONG>Exercise 21.1d</STRONG> </A><DL><DD>
  Edit <TT>plugin.cfg</TT> so that the trusted policy may
be run by any tclet whose URL begins with <TT>file:</TT><CITE>...</CITE> .
<P>  If this is inappropriate for your situation then change it back right
away.  In general, as you edit any of the configuration files, you should
make a backup copy first so that it will be easy to revert to the original
version.
<P>
<A HREF="21.6.html#Sol21.1d" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.6.html#Sol21.1d">Solution</A></DL>


<P><A NAME="21.1e">
<STRONG>Exercise 21.1e</STRONG> </A><DL><DD>
 Try to edit <TT>plugin.cfg</TT> so that the home policy accepts
all tclets except those coming from the author's domain, <TT>Mapfree.com</TT>.
<P>  Discuss the difficulties you have with this exercise.
<P>  If this is inappropriate for your situation then change it back right
away.  In general, as you edit any of the configuration files, you should
make a backup copy first so that it will be easy to revert to the original
version.
<P>
<A HREF="21.6.html#Sol21.1e" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.6.html#Sol21.1e">Solution</A></DL>


<P> <STRONG>Remark</STRONG> <DL><DD>
<P> Beyond the difficulties brought to light in Exercise 21.1e, the method of
using the URL from which a tclet comes to authorize that tclet for a security
policy has a major theoretical flaw.  A malicious entity that has gained
control of the network around you can do "domain name spoofing," that is, can
make you think you are obtaining tclets from server <CITE>A</CITE> when you are, in
fact, obtaining them from server <CITE>B</CITE>.
<P> For most of us, this theoretical flaw is not too important.  But if the
integrity and privacy of your data is valuable enough, you have to take the
military planner's view and assume that whatever is possible for the enemy to
do will, in fact, be done.
</DL>

<A NAME="prsstntstrgfrtclts">
<H3>Persistent Storage for Tclets</H3></A>


<P>  All the security policies listed above allow tclets to save and recover a
few, size-limited files.  Under these policies, a tclet uses the usual file
handling commands to work with files but, in reality, these file handling
commands are different in that the <TT>open</TT> command does not permit
piping and strips all directory information from file names to enforce the
rule that the plugin and not the script determines which directory is used.

<P>  A tclet can only access files in one particular directory each time it
executes.  This directory is not chosen in a straightforward way.  Luckily
you do not need to know the exact method.  What you need to know is that the
directory name is chosen for a given policy name and URL path by an injection
(that is, a one-to-one function).  Here "policy name" means the name of the
policy under which the tclet is running and "URL path" means the URL from
which the tclet was fetched.  

<P>  Knowing the storage directory is a one-to-one function of a policy name and
a URL pathname tells you that a tclet is prevented from accessing another
tclet's files or from accessing its own files if it stored those files while
executing under a different security policy.  This observation, however, is
slightly wrong because the concept of "URL path" is more flexible than I
have explained so far.
<P> 
<P>  Using a technique described below in 
<A HREF="21.3.html" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.3.html">Writing Tclets</A>, a tclet can change the URL
path used for determining its storage directory!  However, its freedom in
making that change is greatly limited.  In particular, a tclet can remove a
suffix of the URL path &#150; provided that suffix is not so long it includes the
part of the URL which determines the server and port.  For example, a tclet
fetched with this URL,

<PRE>
http://www.mapfree.com:80/sbf/tcl/book/safeTk.tcl
</PRE>

can arrange for the URL path used in finding its persistent storage
directory to be

<PRE>
http://www.mapfree.com:80/sbf/tcl/book
</PRE>


The effect of this would be to permit this tclet to share persistent storage
with any other tclet obtained from the same directory on the same server and
running under the same security policy.

<P>  The shortest URL path that this tclet can use is

<PRE>
http://www.mapfree.com:80/
</PRE>

The effect of using this path would be to permit this tclet to share
persistent storage with any other tclet obtained from the same server.

<P>  Of course, in either case, the other tclet that is sharing the persistent
storage must similarly shorten its URL path if data sharing is to occur.

<P>  What this flexibility means is, when you set up your authorizations to
use security policies, you must assume that tclets obtained from the same
server and running under the same security policy will be able to share
persistent data.
<P>  As a system administrator, you are concerned with where in your directory
tree these persistent-file directories will actually appear.  They appear as a
subtree that is rooted in the directory declared in a TEMP or TMP environment
variable.  The root of this subtree is a directory named <TT>persist</TT>.  

<P> <STRONG>Remark</STRONG> <DL><DD> 
<P>  The next section describes a method available to system administrators to
permit tclets running under different policies to share persistent storage.
I do not recommend its use.
<P>  </DL>

<!-- Linkbar -->
<P><CENTER><FONT SIZE=2><NOBR>
<STRONG>From</STRONG>
<A HREF="javascript:if(confirm('http://www.mapfree.com/sbf/tcl/book/home.html  \n\nThis file was not retrieved by Teleport Pro, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?'))window.location='http://www.mapfree.com/sbf/tcl/book/home.html'" tppabs="http://www.mapfree.com/sbf/tcl/book/home.html">Tcl/Tk For Programmers</A><WBR>
<STRONG>Next</STRONG>
<A HREF="21.2.html" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.2.html">section</A><WBR>
<STRONG>All</STRONG>
<A HREF="21.html" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/21.html">sections</A><WBR>
<STRONG>Author</STRONG>
<A HREF="javascript:if(confirm('http://www.mapfree.com/mp/jaz/home.html  \n\nThis file was not retrieved by Teleport Pro, because it is addressed on a domain or path outside the boundaries set for its Starting Address.  \n\nDo you want to open it from the server?'))window.location='http://www.mapfree.com/mp/jaz/home.html'" tppabs="http://www.mapfree.com/mp/jaz/home.html">J. A. Zimmer</A><WBR>
<STRONG>Copyright</STRONG>
<A HREF="copyright.html" tppabs="http://www.mapfree.com/sbf/tcl/book/select/Html/copyright.html">Notice</A><WBR>
<P>
<I>Jun 17, 1998</I>
 </NOBR></FONT></CENTER></BODY></HTML>
12

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -