- NAME
- trusted - The trusted security policy.
- SYNOPSIS
- policy trusted
- DESCRIPTION
- FEATURES
- CONFIGURATION
- features
- aliases
- urls
- restoreCommands
- restoreVariables
- restoreArrayVariables
- markTrusted
- SEE ALSO
- KEYWORDS
trusted - The trusted security policy.
policy trusted
The trusted security policy installs features into a Safe-Tcl
interpreter that restore it to a fully trusted, unsafe state.
A Tclet running in such an interpreter is able to perform any action a
regular, trusted Tcl program could have performed.
This policy enables dangerous features that, if used properly, can allow
Tclets to be the basis for powerful and compelling we enabled applications.
The features installed by the trusted policy are described in the
FEATURES section.
The CONFIGURATION section describes how to enable or disable the use
of this policy by Tclets and the resources that are controlled by the
policy's configuration.
Security issues are discussed in the manual page for each installed feature.
The trusted policy installs all the features that are mentioned in
::cfg::featureList in the order in which they appear in the list.
For the Tcl plugin, the policy installs the url, stream,
network, persist and unsafe features, in that order.
If you installed more features into your installation of the Tcl plugin,
the new features will also be installed into a Tclet using this policy.
See the manual page for each feature to learn what facilities are provided
by the feature.
The policies section of the application's master configuration
controls whether Tclets can use the trusted policy.
If it is not allowed by this section, Tclets hosted in this application
can not use the trusted policy.
For the Tcl plugin, by default the policy is disabled.
Edit plugin.cfg in the ::cfg::configDir directory to modify
this setting.
The config manual page describes configuration management and the
syntax and organization of configurations.
The trusted policy uses a configuration stored in trusted.cfg
in the ::cfg::configDir directory.
The configuration has these sections:
- features
-
This section selects the features that are installed by the policy.
The trusted policy allows all features of the application to be
installed into a Tclet.
- aliases
-
The aliases of all installed features are enabled in this section.
- urls
-
All URLs can be used in aliases provided by the url feature.
- restoreCommands
-
This section allows all hidden commands to be re-exposed.
- restoreVariables
-
All variables whose name appears in the value of
::cfg::RestoreVariables are copied from the master interpreter into a
Tclet.
- restoreArrayVariables
-
The same as restoreVariables, except that these are array variables.
- markTrusted
-
This section defines the constant markTrusted to 1, which
causes the Tclet interpreter to be marked as trusted.
This disables hard-wired checks for safety in Tcl 8.0 and Tk 8.0, which
would otherwise prevent the Tclet from using some features.
safe, policy, config, plugin, url, persist, network, stream, unsafe
Safe-Tcl, alias, network, socket, URL, persistent local storage, JavaScript, unsafe features, electronic mail