NAME
home - The home security policy.
SYNOPSIS
policy home
DESCRIPTION
FEATURES
CONFIGURATION
features
urls
frames
hosts ports
persist
SEE ALSO
KEYWORDS

NAME

home - The home security policy.

SYNOPSIS

policy home

DESCRIPTION

The home security policy installs features into a Safe-Tcl interpreter that allow a Tclet to connect to resources on the host from which it was loaded, its home host. The intent of this policy is to restrict access only to resources on the host from which the Tclet was loaded, irrespective of whether this host is inside or outside your site's firewall.

The FEATURES section describes the features installed by the home policy. The CONFIGURATION section discusses how to enable or disable use of this policy by Tclets and the resources controlled by the policy's configuration. Security issues are discussed in the manual page for each feature that is enabled by this policy.

FEATURES

The home policy enables the persist, url and network features. For a discussion of these features, see their manual pages.

CONFIGURATION

The policies section of the application's master configuration controls whether Tclets hosted by the application can use this policy. If it is not allowed by this section, Tclets are unable to use this policy when hosted in the application. For the Tcl plugin, the home policy is enabled by default. Edit the plugin.cfg file in the ::cfg::configDir directory to modify this setting. The config manual page describes configuration management and the syntax of configurations.

The home policy uses a configuration stored in the home.cfg file in the directory ::cfg::configDir. The configuration has these sections:

features
This section allows the network, persist and url features to be installed in a Tclet.

urls
This section allows access only to URLs for resources that reside on the host from which the Tclet was loaded. It uses the Tclet originHomeDirURL attribute to restrict access only to URLs that reside in the same directory as the file storing the Tclet's source code. Edit this section if you want to allow access to other URLs for resources on the home host; the Tclet attributes originHost and originURL may be useful in defining exactly the access you want. Note that the default setting ensures privacy for Tclets that are loaded from a shared host, such as from web sites managed by an Internet Service Provicer where many users store resources on the same host accessible via URLs.

frames
This section allows by default any frame for the displayURL command family except the empty frame (which is special).

hosts ports
This section allows access via sockets only to services executing on the host from which the Tclet was loaded. It uses the Tclet originSocketHost attribute to restrict access.

persist
This section, if present, defines constants that control resource consumption by the persist feature when used in this policy. If the section is absent, the default settings are used.

SEE ALSO

plugin, safe, policy, config, url, persist, network

KEYWORDS

Safe-Tcl, access, policy, feature, network, URL, socket, persistent local storage