Tcl - outside manual page
- NAME
- outside - The outside security policy.
- SYNOPSIS
- policy outsde
- DESCRIPTION
- FEATURES
- CONFIGURATION
- SEE ALSO
- KEYWORDS
NAME
outside - The outside security policy.SYNOPSIS
policy outsdeDESCRIPTION
The outside security policy installs features into a Safe-Tcl interpreter that allow a Tclet to connect to resources outside a site's Intranet only. The intent of this policy is to enable access only to resources that are outside the Intranet and not under the control of your site's system administrators.The FEATURES section describes the features enabled by this policy. The section on CONFIGURATION discusses how to disable or enable use of this policy by Tclets on your site and the resources controlled by the policy's configuration. For a discussion of security issues pertaining to features enabled by this policy see the manual pages for each feature.
FEATURES
The outside policy enables the persist, url and network features. For a discussion of these features see their manual pages.CONFIGURATION
The policies section of the application's master configuration controls whether Tclets hosted by the application are able to use the policy. If the policy is not allowed in this section, it can not be used by Tclets hosted in the application. For the Tcl plugin, the outside policy is allowed by default. To change this setting, edit the plugin.cfg file in the ::config::configDir directory. The config manual page describes the syntax of configurations and how to manage configurations.The outside policy uses a configuration stored in the outside.cfg file in the directory ::cfg::configDir. The configuration has the following sections:
- features
- This section allows the persist, network and url features to be installed into a Tclet.
- aliases
- This section enables the aliases provided by the allowed features.
- urls
- This section controls what URLs can be used in aliases provided by the url feature. Edit this section to ensure that only URLs for resources outside your site's Intranet can be used.
- hosts ports
- This section allows the socket command to open connections to remote services running on specified hosts and ports. If your site is protected by a firewall that prevents socket connections to services on hosts outside the firewall, you should ensure that this section disallows all hosts and ports. If your site is protected by a firewall that does allow connections from inside the firewall to services running on hosts outside the firewall, you should edit the section to ensure that only outside services are accessible. Also ensure that the section disables connections to redirecting proxies that straddle the firewall itself.
- persist
- This section, if present, defines constants that control resource consumption by the persist feature when used in this policy. If this section is absent, the default settings are used.
SEE ALSO
config, policy, url, network, plugin, persistKEYWORDS
Safe-Tcl, policy, access, socket, URL, persistent local storageTcl Plugin 2.0