"David N. Welton" wrote:
>
> What are the goals for using a safe interpreter? There are a couple
> of different things people could want out of it, depending on how they
> are using mod_dtcl, and I'd like to know what is of most interest.
My main objective is simply to make it harder to break into a site. If a
script has a security hole through which user input gets eval'ed or
subst'ed, a safe interpreter will limit the amount of harm possible
(thus satisfying paranoid customers ;-)
> > We need to define exactly where Tcl is superiour to other languages
> > and "sell" it for those purposes.
>
> The main 'target' I see is PHP. Something like Zope is just a
> different beast, but the same people who use PHP are the same people
> who might be interested in something like mod_dtcl, IMO.
I agree 100%. mod_dtcl is an obvious alternative to php. Zope is
something entirely different. For projects where the capabilities of
Zope are needed and its relatively complexity and steep learning curve
is acceptable, it's the obvious choise. I have no experience with Zope
yet, but in the future I'll probably use Zope for sites that need Zope's
capabilities and mod_dtcl for simple things and things where a lot of
highly customized text-building is needed (currently I use mod_dtcl to
implement an on-line stamp catalogue, for instance).
> I've been doing a bit of work on this:
>
> http://michael.cleverly.com/aolserver/nstcl
>
> which seems like a reasonable API, both to provide a unified database
> API, as well as providing a variety of util functions.
Looks great! Especially the common DB-API is much needed.
--
J�rgen Fr�jk Kj�rsgaard, Systemkonsulent (Systems Consultant)
Inform@ticon ApS * Web: www.informaticon.dk * Tlf: 8672 0093
Internet programmering * Systemudvikling p� Linux, FreeBSD og PalmOS
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
