On 8 Dec 2000, David N. Welton wrote:
> > I was wondering if it is possible to make some authorization with
> > dtcl (without using htaccess/sql mods)?
> Of course - I'll put it in my queue, which at this point looks like
> this:

Great.

> 3) Investigate safe interpreters.

I could send you my tcl code to provide safe interpreting of articles.
It uses subst, replaces <+ +> with [] and (which actually works a bit
differently than it should, but ... works :). It uses safe interpreters, then
removes almost every command (except I suppose 3 commands) and adds only
ones defined in ::eval namespace of the originating interpreter.

What I wonder about more is the possibility of hacking through a safe interpreter.
Let's say my interp only allows me to use my proc:

proc cmd_test {args} {
    hputs [join $args "<BR>\n"]
}

What are the chances of someone executing something other than cmd_test in
the safe interpreter... (mostly the exec command)

> And of course I have some other things to work on.  If anyone would
> like to help out with the authorization stuff, it would be welcome.

Not me ;-)

I'm currently working on testing mod_dtcl :P

Wojciech Kocjan
[EMAIL PROTECTED]
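
The sandbox described in this message, as an added example (not the poster's code and not part of mod_dtcl): a safe interpreter is stripped of its commands and given aliases for the procs in ::eval. The names make_sandbox and render, the choice of subst as the only kept command, and the cmd_test stand-in that returns its text instead of calling hputs are assumptions.

```tcl
# Added example; make_sandbox, render and the keep list are constructed names.
namespace eval ::eval {
    # Stand-in for the page's cmd_test: returns the text instead of calling
    # mod_dtcl's hputs, so this runs in a plain tclsh.
    proc cmd_test {args} {
        return [join $args "<BR>\n"]
    }
}

proc make_sandbox {{keep {subst}}} {
    set slave [interp create -safe]
    # Delete every global command the safe interpreter still has, except
    # those in $keep. rename goes last because it does the deleting.
    foreach cmd [interp eval $slave {info commands}] {
        if {$cmd ne "rename" && [lsearch -exact $keep $cmd] < 0} {
            interp eval $slave [list rename $cmd {}]
        }
    }
    if {[lsearch -exact $keep rename] < 0} {
        interp eval $slave {rename rename {}}
    }
    # Expose each proc in ::eval as an alias. The alias body runs in the
    # master, so it must treat its arguments as data and never eval them.
    foreach p [info procs ::eval::*] {
        set name [namespace tail $p]
        interp alias $slave $name {} ::eval::$name
    }
    return $slave
}

proc render {slave article} {
    # Turn the <+ +> markers into command substitutions, then let the
    # slave's subst run them; variable substitution stays off.
    set text [string map {<+ [ +> ]} $article]
    return [interp eval $slave [list subst -novariables $text]]
}

set slave [make_sandbox]
puts [render $slave "Lines: <+cmd_test one two+>"]
# A command that is not aliased is simply unknown inside the slave.
if {[catch {render $slave "<+exec id+>"} err]} {
    puts "rejected: $err"
}
interp delete $slave
```

Commands in child namespaces of the slave (for example ::tcl::mathop) are not touched by the global-namespace loop; what the untrusted text can reach beyond those is decided by the aliases, so each aliased proc is the part to review.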

