 |
|||||||
|
 |
|
|||||
|
 |
|
|
||||
|
 |
|
|||||
|
Securing TCL AccessOne of the most powerful features of AREV is TCL. Therein lies both its usefulness and its dangerousness. Giving users TCL access is something that I have always counselled against as it is so difficult to ensure that they do not do anything to destroy the system. However, here is a technique that makes this concern a thing of the past. In the AREV environment, TCL is a window, like any other window, stored in the commands file. Thus by painting the window we can modify the behaviour and characteristics of TCL. To secure TCL all that is required is a Post Process on the TCL prompt that checks the user's entry and privilege level to ensure that they are not attempting to do something that we have explicitly forbidden them from doing. The ways in which this could be implemented are many-fold but one way is shown below. 0001 SUBROUTINE SECURE.TCL 0002 $INSERT INCLUDE, WINDOW_COMMON% 0003 IF @PRIVILEGE = 0 THEN 0004 * 0005 * As "Super User" permit anything 0006 * 0007 WC_VALID% = 1 0008 END ELSE 0009 * 0010 * Only allow the following 0011 * 0012 OK = "LIST,SORT,SELECT,MERGE,SAVELIST,SAVE-LIST,GETLIST,GET-LIST" 0013 FW = WC_IS%[1," ") 0014 WC_VALID% = 0 0015 LOCATE FW IN OK USING "," SETTING POS THEN 0016 * 0017 * In allowed list so let through 0018 * 0019 WC_VALID% = 1 0020 END ELSE 0021 * 0022 * See if one of our catalogued routines is so, allow it through. 0023 * Substitute the name of your BP file for BP 0024 * 0025 VOC.REC = XLATE("VOC", FW, "", "X") 0026 IF VOC.REC<1> = "RBASIC" THEN 0027 IF VOC.REC<3> = "BP" THEN 0028 WC_VALID% = 1 0029 END 0030 END 0031 END 0032 END 0033 IF WC_VALID% ELSE 0034 CALL MSG("Invalid Command %B%", "T1", "", "") 0035 END 0036 RETURN (Volume 1, Issue 9, Page 10) |
|
|||||
|
 |
|
|||||
|
| |
|||||
|
|||||||