On 2002.11.28, Jeff Hobbs <[EMAIL PROTECTED]> wrote:
> > how can "unsafe" tcl commands be removed or disabled? I think this would
> be
> > done before compiling Tcl, so that they are disabled at that level...
> > Reason is to protect (better) against someone that is able to infiltrate
> code
> > fragments to the running webserver.
>
> Just do 'rename unsafeCmd {}'. There is no need to do it at the C level.
Is there a standard package that one could require that does this, so
that people don't have to independently go and discover which are and
aren't safe? Perhaps with a way to specify the level of safety you want
to enforce ...
-- Dossy
--
Dossy Shiobara mail: [EMAIL PROTECTED]
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
