socket host port
fconfigure channel ?options...?
The procedures that are provided by this feature are described in the PROCEDURES section, and the settings that control the behavior of these procedures at runtime are explained in the CONFIGURATION section. The security implications of this feature are discussed in the section SECURITY.
    section hosts ports
    allow www.sun.com >1024
    disallow *.cs.mysite.edu <1025
    allow *.cs.mysite.edu 1030
This configuration allows sockets to be opened on ports whose number is greater than 1024 on www.sun.com. It also disallows connections to any ports whose number is less than 1025 on all hosts in the network domain cs.mysite.edu. It also allows connections to services running on the well known port 1030 on all hosts in the network domain cs.mysite.edu.
Network sockets allow a Tclet to connect to remote resources that are not under the client's control and which are not administered by the client. This poses a privacy risk because information that the Tclet gleans from the client's host may be disclosed to other parties not under the client's control. You must carefully consider the risks when combining this feature with other features, especially those that allow access to local resources such as files stored on the local file system.
There is no limit on the number of sockets that a Tclet can open at any one time. Malicious or erroneous Tclets can use this to mount resource attacks that cause the hosting application to run out of network resources or file descriptors. When this happens, no other sub-system running in the hosting application will be able to make network connections using sockets. In the Tcl plugin, if the Tclet is executing in an external process and not in the address space of the hosting browser, only the external process runs out of network resources, while the hosting browser continues to be able to connect to remote sites. See the plugin manual entry for more details.
A socket can be maliciously or mistakenly put into blocking mode by using the fconfigure command. Sockets are in blocking mode when they are first opened with the socket command. If the Tclet tries to read from the socket when there is no input available, or if it tries to write when the output buffer is full, the Tclet can block the entire hosting application. In the Tcl plugin, if a Tclet is executing in an external process and not in the address space of the hosting browser, only the external process is blocked and the browser continues to function normally. Thus this only affects other Tclets that may be executing at the same time.
Another risk incurred by the network feature is a risk to your reputation. If you allow a Tclet to connect to the SMTP or NNTP services on any host, the Tclet can forge news articles or send electronic mail using your name. These articles, which appear to be from you, could contain damaging statements that you yourself would never write.
You can minimize these risks by carefully curtailing the hosts and ports to which a Tclet can connect in the hosts ports section of the configuration for the security policy used by the Tclet. Note that you should never allow connections to redirecting services such as FTP or HTTP proxy services, because you effectively lose control over which hosts the Tclet can connect to. Unless you have reason to trust the Tclet, you should probably also disallow connections to the NNTP and SMTP services on any hosts.
Carefully examine the set of hosts to which a connection can be made when specifying wildcards and patterns for host names in the configuration. Find out exactly what hosts are included or excluded by each pattern.
To minimize the chances of incorrect configuration, the network feature allows only connections to numeric ports and not to named services. This eliminates the possibility that a service would be disallowed by name but its port would be allowed.
If you do not have complete control over the accessible services executing on a host, avoid numeric ranges (e.g. >1024 or 3000-4000) in allow statements.
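The advice above on curtailing hosts and ports, checking what each pattern covers, and avoiding ranges in allow statements can be checked mechanically before a policy is deployed. The script below is an added example, not part of the plugin or of this manual entry. It assumes that host patterns are glob patterns compared without regard to case, that a matching disallow overrides any matching allow, and that 3128 and 8080 are the proxy ports of interest; the host inventory is constructed.

```tcl
# Added example. Assumptions: host patterns are globs compared without
# regard to case, and a matching disallow overrides any matching allow.
set policy {
    allow    www.sun.com      >1024
    disallow *.cs.mysite.edu  <1025
    allow    *.cs.mysite.edu  1030
}
# Services the text warns about; 3128 and 8080 are assumed proxy ports.
set risky {21 FTP 25 SMTP 119 NNTP 3128 proxy 8080 proxy}
# Constructed host inventory to test the patterns against.
set hosts {www.sun.com cs.mysite.edu a.cs.mysite.edu x.y.cs.mysite.edu}

# Return 1 if port satisfies a port spec of the form N, >N, <N or LO-HI.
proc portMatches {spec port} {
    if {[regexp {^>(\d+)$} $spec -> n]} { return [expr {$port > $n}] }
    if {[regexp {^<(\d+)$} $spec -> n]} { return [expr {$port < $n}] }
    if {[regexp {^(\d+)-(\d+)$} $spec -> lo hi]} {
        return [expr {$port >= $lo && $port <= $hi}]
    }
    return [expr {$spec eq $port}]
}

# Return 1 if the policy lets a Tclet open a socket to host:port.
proc allowed {policy host port} {
    set ok 0
    foreach {verb pattern spec} $policy {
        if {![string match -nocase $pattern $host]} continue
        if {![portMatches $spec $port]} continue
        if {$verb eq "disallow"} { return 0 }
        set ok 1
    }
    return $ok
}

# Report allow rules that use ranges, then every risky service reachable.
foreach {verb pattern spec} $policy {
    if {$verb eq "allow" && ![string is integer -strict $spec]} {
        puts "WARN range in allow rule: $pattern $spec"
    }
}
foreach host $hosts {
    foreach {port name} $risky {
        if {[allowed $policy $host $port]} {
            puts "WARN $host:$port ($name) is reachable"
        }
    }
    puts "$host port 1030 allowed: [allowed $policy $host 1030]"
}
```

Under glob matching, `*.cs.mysite.edu` does not cover the bare name cs.mysite.edu but does cover hosts several labels deep, which is the kind of inclusion the pattern check is meant to surface.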