- NAME
- outside - The outside security policy.
- SYNOPSIS
- policy outsde
- DESCRIPTION
- FEATURES
- CONFIGURATION
- features
- aliases
- urls
- hosts ports
- persist
- SEE ALSO
- KEYWORDS
outside - The outside security policy.
policy outsde
The outside security policy installs features into a Safe-Tcl
interpreter that allow a Tclet to connect to resources outside a site's
Intranet only.
The intent of this policy is to enable access only to resources that are
outside the Intranet and not under the control of your site's system
administrators.
The FEATURES section describes the features enabled by this policy.
The section on CONFIGURATION discusses how to disable or enable use
of this policy by Tclets on your site and the resources controlled by the
policy's configuration.
For a discussion of security issues pertaining to features enabled by this
policy see the manual pages for each feature.
The outside policy enables the persist, url and
network features.
For a discussion of these features see their manual pages.
The policies section of the application's master configuration
controls whether Tclets hosted by the application are able to use the
policy.
If the policy is not allowed in this section, it can not be used by Tclets
hosted in the application.
For the Tcl plugin, the outside policy is allowed by default.
To change this setting, edit the plugin.cfg file in the
::config::configDir directory.
The config manual page describes the syntax of configurations and how
to manage configurations.
The outside policy uses a configuration stored in the
outside.cfg file in the directory ::cfg::configDir.
The configuration has the following sections:
- features
-
This section allows the persist, network and url features
to be installed into a Tclet.
- aliases
-
This section enables the aliases provided by the allowed features.
- urls
-
This section controls what URLs can be used in aliases provided by the
url feature.
Edit this section to ensure that only URLs for resources outside your
site's Intranet can be used.
- hosts ports
-
This section allows the socket command to open connections to remote
services running on specified hosts and ports.
If your site is protected by a firewall that prevents socket connections to
services on hosts outside the firewall, you should ensure that this section
disallows all hosts and ports.
If your site is protected by a firewall that does allow connections from
inside the firewall to services running on hosts outside the firewall, you
should edit the section to ensure that only outside services are
accessible.
Also ensure that the section disables connections to redirecting proxies
that straddle the firewall itself.
- persist
-
This section, if present, defines constants that control resource
consumption by the persist feature when used in this policy.
If this section is absent, the default settings are used.
config, policy, url, network, plugin, persist
Safe-Tcl, policy, access, socket, URL, persistent local storage
Tcl Plugin 2.0