<HTML><TITLE>The Browser Plugin and Safe-Tcl</TITLE><BODY BGCOLOR="#FFF0E0" VLINK="#0FBD0F" TEXT="#101000" LINK="#0F0FDD">
<A NAME="top"><H1>The Browser Plugin and Safe-Tcl</H1>
<I> Online chapter from <A HREF="http://www.mapfree.com/sbf/tcl/book/home.html">Tcl/Tk for Programmers</A> (with exercises and solutions).</I>
<P>
<P> There are two ways of executing Tcl files obtained from other computers:
with the Tcl interpreter and with the browser plugin. With the first method,
you use some standard technique for obtaining the file containing the Tcl or
Tk script. With the second, your browser downloads the script which is
provided by some Web server. Such scripts are called <CITE><NAME=#Gtclet>tclets</CITE>.
Tcl helps you protect your computer from the dangers of executing Tcl scripts
accepted from other computers. Currently, there is more help through the
browser plugin than there is with the ordinary Tcl interpreter. But either
way, you get some support and the main point of this chapter is to explain that
support.
<P> Why accept scripts from other computers? One reason is to extend the
capabilities of your Web browser. Another is to give more flexibility to your
information systems.
<P> Here is a hypothetical example. A company sends out a sales team armed with
laptops. These laptops contain complicated information about products,
availability, and possible configurations of products. The information in
these laptops is updated nightly via a modem. Rather than reload the entire
database, the updating is controlled by an ad hoc, downloaded script on the
client. Using ad hoc downloaded scripts permits the salespersons' laptops to be
updated in quite different ways from day to day.
<P> This hypothetical company has many branch offices whose managers
extract reports daily from the home office. These reports depend on information in
a formal database <CITE>and</CITE> other places. This information is made available
in a custom Tcl interpreter running on a central computer that will execute
report-generating scripts uploaded from the branch offices. This interpreter
provides commands that are normally not considered interpreter commands and
lacks commands that are normally available in a Tcl interpreter. The effect
is to support the report-generating scripts without permitting these scripts
to access inappropriate information or to access appropriate information in an
inappropriate way.
<P> A few branch offices have a programmer capable of maintaining the daily
report-generating script. Others make use of a programmer from the central
office who travels from branch to branch. Both approaches are treated the
same way: the script is kept and maintained in the branch and uploaded to the
central office when a report is to be generated. This method gives branch
managers flexible control over their daily reports. This control includes the
ability to use a locally hired programmer if desired. The potential privacy
and integrity problems that you might expect to arise when inexperienced
programmers upload scripts to central servers are minimized by executing those
scripts in a constrained Tcl interpreter that does not permit database
alterations or arbitrary snooping.
<P> In a customized Tcl/Tk interpreter, some commands may be completely missing,
others may be limited in their power, and yet others may be specialized ways
of accomplishing specialized tasks. Whether you are extending the powers of a
Web browser, communicating with a salesperson's laptop, or generating custom
reports from a company server, the use of a customized interpreter can help to
protect the integrity and privacy of your data as well as to provide script
writers with powerful, specialized tools.
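<P> The following sketch is an added illustration, not code from the book. It
shows the three kinds of customization just described, applied to the
report-generating scenario. It assumes Tcl 8.5 or later for <CODE>interp limit</CODE>;
the procedure names and the sales data are hypothetical.

```tcl
# Added illustration, not code from the book. Needs Tcl 8.5+ for [interp limit].
# report_query, report_regions, run_report and the sales data are hypothetical.

# Constructed sample data standing in for the central office's information.
array set sales {north 1200 south 950 east 1430}

# Specialized commands: read-only lookups, the only path to the data.
proc report_query {region} {
    global sales
    if {![info exists sales($region)]} {
        return -code error "unknown region \"$region\""
    }
    return $sales($region)
}
proc report_regions {} {
    global sales
    return [lsort [array names sales]]
}

# Run one uploaded script in a fresh constrained interpreter.
proc run_report {script} {
    # -safe starts without open, file, exec, socket, source, load, cd, ...
    set slave [interp create -safe]
    # Take away more than the default: no timers or event-loop access.
    foreach cmd {after vwait update} { interp hide $slave $cmd }
    # Add the specialized commands; their bodies execute in the master.
    interp alias $slave query   {} report_query
    interp alias $slave regions {} report_regions
    # Bound the work a script can do (runaway loops end with an error).
    interp limit $slave commands -value 5000
    set failed [catch {interp eval $slave $script} result]
    interp delete $slave
    return [list [expr {$failed ? "rejected" : "ok"}] $result]
}

# Constructed uploads: a legitimate report, then two that overstep.
set good {
    set total 0
    foreach r [regions] { incr total [query $r] }
    format "total sales: %d" $total
}
puts [run_report $good]                  ;# accepted
puts [run_report {open sales.db w}]      ;# rejected: open is not available
puts [run_report {while 1 {incr i}}]     ;# rejected: command limit reached
```

<P> Each upload gets its own interpreter, which is deleted afterwards, so
nothing one script defines is visible to the next.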
<P> This chapter explains Safe-Tcl, a mechanism for creating such
customized interpreters. The chapter also describes a plugin for popular Web
browsers which is built upon the Safe-Tcl mechanism. The plugin has its own
security mechanism which is quite flexible and which is accessible to
system administrators who have scant knowledge of Tcl. To aid system
administrators, I have written the first two sections of this chapter in a way
that does not require knowledge of earlier material in this book.
<P> In the Tcl literature the words <CITE><NAME=#Gscrtyplcy>security policy</CITE> usually refer
to the rules under which a given kind of tclet will run rather than to an
overall security plan. Indeed, the words "security policy" have often been
used to reference the files that describe these rules to Tcl.
<P> Before using any of the techniques of this chapter, you need to determine
both your security goals and your operational goals. After that, you can plan
to adopt a set of security policies which permit the operational goals to be
achieved without breaching the security goals. If this planning step seems
impossible, you may have to change some of your goals.
<P><DL><DD>
<STRONG>21.1 <A HREF="21.1.html">The Tcl/Tk Plugin</A></STRONG><BR>
<STRONG>21.2 <A HREF="21.2.html">Combining Features into Policies</A></STRONG><BR>
<STRONG>21.3 <A HREF="21.3.html">Writing Tclets</A></STRONG><BR>
<STRONG>21.4 <A HREF="21.4.html">Customizing Slave Interpreters</A></STRONG><BR>
<STRONG>21.5 <A HREF="21.5.html">Safe-Tcl</A></STRONG><BR>
<STRONG>21.6 <A HREF="21.6.html">Solutions to Exercises</A></STRONG><BR>
</DL>
<!-- Linkbar -->
<P><CENTER><FONT SIZE=2><NOBR>
<STRONG>Previous</STRONG>
<A HREF="20.html">chapter</A><WBR>
<STRONG> | Next</STRONG>
<A HREF="22.html">chapter</A><WBR>
<STRONG> | All</STRONG>
<A HREF="http://www.mapfree.com/sbf/tcl/book/select/Html/| Contents.html">chapters</A><WBR>
<STRONG> | Section</STRONG>
<A HREF="21.1.html">one</A><P>
<STRONG>Related to</STRONG>
<A HREF="http://www.mapfree.com/sbf/home.html">Software Build and Fix</A><WBR>
<STRONG> | From</STRONG>
<A HREF="http://www.mapfree.com/sbf/tcl/home.html">Zimmer's Tcl/Tk Page</A><WBR>
<STRONG>| Author</STRONG>
<A HREF="http://www.mapfree.com/mp/jaz/home.html">J. A. Zimmer</A><WBR>
<STRONG>| Copyright</STRONG>
<A HREF="copyright.html">Notice</A>
<P>
<I>Jun 17, 1998</I>
</NOBR></FONT></CENTER></BODY></HTML>