RevMedia FKB
| Document | V1I9A20 |
| Title | Securing TCL Access |
| Keywords | TCL SECURE @PRIVILEGE WC_VALID% WINDOW_COMMON% |

One of the most powerful features of AREV is TCL. Therein lies both its usefulness and its dangerousness. Giving users TCL access is something that I have always counselled against, as it is so difficult to ensure that they do not do anything to destroy the system. However, here is a technique that makes this concern a thing of the past.

In the AREV environment, TCL is a window like any other window, stored in the COMMANDS file. Thus, by painting the window, we can modify the behaviour and characteristics of TCL. To secure TCL, all that is required is a Post Process on the TCL prompt that checks the user's entry and privilege level to ensure that they are not attempting to do something that we have explicitly forbidden them from doing. The ways in which this could be implemented are manifold, but one way is shown below.

```
SUBROUTINE SECURE.TCL
$INSERT INCLUDE, WINDOW_COMMON%
IF @PRIVILEGE = 0 THEN
   *
   * As "Super User" permit anything
   *
   WC_VALID% = 1
END ELSE
   *
   * Only allow the following
   *
   OK = "LIST SORT SELECT MERGE SAVELIST SAVE LIST GETLIST GET LIST"
   FW = WC_IS%[1, " "]
   WC_VALID% = 0
   LOCATE FW IN OK USING " " SETTING POS THEN
      *
      * In allowed list so let through
      *
      WC_VALID% = 1
   END ELSE
      *
      * See if one of our catalogued routines is so allow it through
      * Substitute the name of your BP file for BP
      *
      VOC.REC = XLATE("VOC", FW, "", "X")
      IF VOC.REC<1> = "RBASIC" THEN
         IF VOC.REC<3> = "BP" THEN
            WC_VALID% = 1
         END
      END
   END
END
IF WC_VALID% ELSE
   CALL MSG("Invalid Command %B%", "T1", "", "")
END
RETURN
```

(Volume 1 Issue 9 Page 10)
Page last modified: 30/01/03