- NAME
- inside - The inside security policy.
- SYNOPSIS
- policy inside
- DESCRIPTION
- FEATURES
- CONFIGURATION
- features
- aliases
- urls
- hosts ports
- persist
- SEE ALSO
- KEYWORDS

NAME
inside - The inside security policy.

SYNOPSIS
policy inside

DESCRIPTION
The inside security policy installs features into a Safe-Tcl
interpreter that allow a Tclet to connect only to resources inside a
site's Intranet.
The intent of this policy is to enable access only to resources that are
inside the Intranet and controlled by trusted system administrators.
The FEATURES section describes the features enabled by this policy.
The section on CONFIGURATION discusses how to enable or disable use
of this policy by Tclets and the resources that are controlled by the
policy's configuration.
Security issues are discussed in the manual page for each feature allowed
by the inside policy.

FEATURES
The inside policy enables the persist, url and
network features.
For a discussion of these features see the persist, url and
network manual pages.

CONFIGURATION
The policies section of the application's master configuration
controls whether Tclets hosted by the application are able to use the
policy.
If the policy is not allowed in this section, it cannot be used by any
Tclet hosted in the application.
For the Tcl plugin, the inside policy is disallowed by default.
Edit the plugin.cfg file in the directory ::cfg::configDir to
modify this setting.
The config manual page discusses configuration management and the
syntax of configuration files.
The inside policy uses a configuration stored in the inside.cfg
file in the directory ::cfg::configDir.
The configuration has the following sections:
- features
  The features section selects which features to install into a Tclet.
  It allows the persist, url and network features to be
  installed.
- aliases
  The aliases section enables aliases provided by the persist,
  url and network features to be installed into a Tclet.
- urls
  This section controls what URLs can be used in aliases provided by the
  url feature.
  Edit this section to enable access to URLs on your site's Intranet
  only.
- hosts ports
  This section allows the socket alias to open connections to remote
  services running on specified hosts and ports.
  If your site is protected by a firewall that prevents connections from
  inside the firewall to services on hosts outside of it, your only concern
  is to restrict access to those internal services that you wish to enable.
  If the site is protected by a transparent firewall that allows direct
  connections from inside to services running on hosts outside the firewall,
  ensure that only services on the inside of the firewall are accessible.
  In either case, you must also prevent access to redirecting proxies straddling
  your site's firewall.
- persist
  This section, if present, defines constants that control the resource
  consumption by the persist feature when used in this policy.
  If the section is absent, the default settings are used.
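
An added example (not part of the Tcl plugin or its manual) of the review the hosts ports paragraph calls for: check each candidate host pattern and port range against the Intranet boundary and the known proxies before enabling it. It assumes glob-style host patterns and `lo-hi` port ranges; the suffix, proxy names, ports and candidate entries are constructed, and the real section syntax is the one described in the config manual page.

```python
from fnmatch import fnmatchcase

# Site facts, constructed for this example (not taken from inside.cfg):
INTERNAL_SUFFIXES = (".corp.example",)   # names served only by internal DNS
PROXY_HOSTS = ("proxy.corp.example", "webcache.corp.example")  # straddle the firewall
PROXY_PORTS = (1080, 3128, 8080)         # ports where relays commonly listen

def parse_ports(spec):
    """'80' -> (80, 80), '8000-8100' -> (8000, 8100), '*' -> (1, 65535)."""
    if spec == "*":
        return 1, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def audit(host_pattern, port_spec):
    """Return findings for one allowed (host glob, port range) pair."""
    pat = host_pattern.lower()
    findings = []
    # A glob stays inside the Intranet only if it ends in a literal internal
    # suffix; anything else ('*', '10.*', 'www.example.org') can match outside.
    if not pat.endswith(INTERNAL_SUFFIXES):
        findings.append("can match hosts outside the Intranet")
    # Even an internal-only glob must not cover a redirecting proxy.
    covered = [p for p in PROXY_HOSTS if fnmatchcase(p, pat)]
    if covered:
        findings.append("covers proxy host(s): " + ", ".join(covered))
    # A wildcard host plus a relay port reaches any proxy not yet inventoried.
    lo, hi = parse_ports(port_spec)
    ports = [str(p) for p in PROXY_PORTS if lo <= p <= hi]
    if ports and any(c in pat for c in "*?["):
        findings.append("wildcard host with proxy port(s): " + ", ".join(ports))
    return findings

# Constructed candidate entries for review.
CANDIDATES = [
    ("db.corp.example", "5432"),
    ("*.corp.example", "80"),
    ("*.corp.example", "8000-8100"),
    ("*", "*"),
]

def audit_all(entries=CANDIDATES):
    """Map each entry to its findings; an empty list means nothing was flagged."""
    return {e: audit(*e) for e in entries}

if __name__ == "__main__":
    for (host, ports), found in audit_all().items():
        print(f"{host}:{ports} ->", "; ".join(found) or "ok")
```

An entry with no findings names a single internal host; every wildcard entry here is flagged because it also covers the two proxy hosts.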

SEE ALSO
safe, config, policy, url, network, plugin, persist

KEYWORDS
Safe-Tcl, policy, access, socket, URL, persistent local storage

Tcl Plugin 2.0