NAME

inside - The inside security policy.

SYNOPSIS

policy inside

DESCRIPTION

The inside security policy installs features into a Safe-Tcl interpreter that allow a Tclet to connect only to resources inside a site's Intranet. The intent of this policy is to enable access only to resources that are inside the Intranet and controlled by trusted system administrators.

The FEATURES section describes the features enabled by this policy. The section on CONFIGURATION discusses how to enable or disable use of this policy by Tclets and the resources that are controlled by the policy's configuration. Security issues are discussed in the manual page for each feature allowed by the inside policy.

FEATURES

The inside policy enables the persist, url and network features. For a discussion of these features see the persist, url and network manual pages.

CONFIGURATION

The policies section of the application's master configuration controls whether Tclets hosted by the application are able to use the policy. If the policy is not allowed in this section, it cannot be used by any Tclet hosted in the application. For the Tcl plugin, the inside policy is disallowed by default. Edit the plugin.cfg file in the directory ::cfg::configDir to modify this setting. The config manual page discusses configuration management and the syntax of configuration files.

The inside policy uses a configuration stored in the inside.cfg file in the directory ::cfg::configDir. The configuration has the following sections:

features
The features section selects which features to install into a Tclet. It allows the persist, url and network features to be installed.

aliases
The aliases section enables aliases provided by the persist, url and network features to be installed into a Tclet.

urls
This section controls what URLs can be used in aliases provided by the url feature. Edit this section to enable access to URLs on your site's Intranet only.

hosts ports
This section allows the socket alias to open connections to remote services running on specified hosts and ports. If your site is protected by a firewall that prevents connections from inside the firewall to services on hosts outside of it, your only concern is to restrict access to those internal services that you wish to enable. If the site is protected by a transparent firewall that allows direct connections from inside to services running on hosts outside the firewall, ensure that only services on the inside of the firewall are accessible. In either case, you must also prevent access to redirecting proxies straddling your site's firewall.

persist
This section, if present, defines constants that control the resource consumption by the persist feature when used in this policy. If the section is absent, the default settings are used.
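
The hosts ports guidance above, as an added example (not code from the Tcl plugin, and not inside.cfg syntax): a default-deny check of host and port against an intranet-only rule list, in which a proxy straddling the firewall is denied even though its name lies inside the intranet domain. The rule format, the proc names and the *.example hosts are assumptions made for illustration; Tcl 8.5 or later is assumed.

```tcl
# Added example. The rule format is hypothetical, NOT inside.cfg syntax.
# Each rule is {action hostPattern portSpec}; hosts are constructed names.
set rules {
    {deny  proxy.intranet.example *}
    {deny  *.intranet.example     3128}
    {allow *.intranet.example     80}
    {allow *.intranet.example     8000-8100}
    {allow db.intranet.example    5432}
}

# portSpec is "*", a single port, or an inclusive range "lo-hi".
proc portMatches {spec port} {
    if {$spec eq "*"} { return 1 }
    if {[regexp {^([0-9]+)-([0-9]+)$} $spec -> lo hi]} {
        return [expr {$port >= $lo && $port <= $hi}]
    }
    return [expr {$spec == $port}]
}

# Default deny: a connection needs a matching allow rule and no matching
# deny rule. A deny match wins regardless of rule order.
proc connectionAllowed {rules host port} {
    # Accept only a plain decimal port (no sign, hex, or leading zero).
    if {![regexp {^[1-9][0-9]{0,4}$} $port] || $port > 65535} { return 0 }
    # Normalise case and a trailing root dot before matching.
    set host [string tolower [string trimright $host .]]
    set allowed 0
    foreach rule $rules {
        lassign $rule action hostPat portSpec
        if {![string match $hostPat $host]} { continue }
        if {![portMatches $portSpec $port]} { continue }
        if {$action eq "deny"} { return 0 }
        set allowed 1
    }
    return $allowed
}

# Constructed test connections: intranet services, the proxy, outside hosts.
foreach {host port} {
    www.intranet.example             80
    WWW.Intranet.Example.            8080
    db.intranet.example              5432
    proxy.intranet.example           80
    cache.intranet.example           3128
    www.outside.example              80
    intranet.example.outside.example 80
    192.0.2.10                       80
} {
    set verdict [expr {[connectionAllowed $rules $host $port] ? "allow" : "deny"}]
    puts [format "%-34s %-5s %s" $host $port $verdict]
}
```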

SEE ALSO

safe, config, policy, url, network, plugin, persist

KEYWORDS

Safe-Tcl, policy, access, socket, URL, persistent local storage
Tcl Plugin 2.0