Re: [tcljava-dev] security of tcljava
From: Mo D. <md...@un...> - 2004-02-24 08:15:42
On Mon, 23 Feb 2004 11:31:11 +0800 (CST)
Fang Yidong <fan...@ya...> wrote:

> I am planning to use tcl(java) in my email system to allow users to write their own email filters in tcl, and maybe the tcl filter can be shared among the users. Is it a good idea? Or is there any email system that has implemented it?
>
> But the security is an issue. I don't want to allow a non-privileged user to open files, execute unix commands, open socket, make stack overflow and so on. That is, I'd like to make the tcl filters written by a non-privileged user run in a "sand box", only with limited tcl commands, while a system tcl filter can do anything in a traditional way if it is authorized.

Just use a child interp and only allow the Tcl commands you want to allow. You can find documentation for how this is all done online:

http://www.tcl.tk/software/plugin/safetcl.html

cheers
Mo DeJong
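The approach in the reply above, as an added example that is not part of the original message or of tcljava: an untrusted filter runs in a safe child interpreter and can affect the mail system only through two aliases validated in the trusted interpreter. It assumes the standard Tcl 8.4 `interp` subcommands are available in your Jacl/Tcl Blend version; `run_filter`, `set_verdict`, `move_to`, `discard` and the sample headers are hypothetical names and constructed data.

```tcl
# Trusted side: the only effect a user filter can have is to set a verdict.
# Arguments coming from the child are untrusted and validated here.
proc set_verdict {kind args} {
    if {$kind eq "move"} {
        if {[llength $args] != 1 ||
            ![regexp {^[A-Za-z0-9_]+$} [lindex $args 0]]} {
            error "bad folder name"
        }
    } elseif {[llength $args] != 0} {
        error "wrong # args"
    }
    set ::verdict [concat $kind $args]
}

# Run one user-supplied filter script against one message's headers.
proc run_filter {script headers} {
    # -safe hides open, exec, socket, file, source, load, cd, exit, ...
    set child [interp create -safe]
    # Cap nesting depth so runaway recursion fails with a Tcl error.
    interp recursionlimit $child 50
    # Hand message data to the child as plain values, never as handles.
    interp eval $child [list array set hdr $headers]
    # Expose narrow, audited operations; each alias runs in the master.
    interp alias $child move_to {} set_verdict move
    interp alias $child discard {} set_verdict discard
    set ::verdict keep
    set failed [catch {interp eval $child $script} err]
    interp delete $child
    if {$failed} {
        return [list error $err]
    }
    return $::verdict
}

# Constructed sample input.
set hdrs {Subject "Cheap pills" From someone@example.invalid}

# A well-behaved filter uses only the exposed aliases.
puts [run_filter {if {[string match *pills* $hdr(Subject)]} {discard}} $hdrs]
puts [run_filter {move_to Offers} $hdrs]

# Hidden commands do not exist inside the child, so these fail with an error.
puts [run_filter {exec ls /} $hdrs]
puts [run_filter {open /etc/passwd r} $hdrs]

# Alias arguments are checked in the trusted interpreter.
puts [run_filter {move_to ../../etc} $hdrs]
```

A safe interpreter does not bound CPU time, so a filter containing an endless loop still needs an external limit; in Tcl 8.5 and later `interp limit` can cap commands or elapsed time.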