
Securing TCL Access

One of the most powerful features of AREV is TCL. Therein lies both its usefulness and its danger. Giving users TCL access is something that I have always counselled against, as it is so difficult to ensure that they do not do anything to destroy the system. However, here is a technique that makes this concern a thing of the past.

In the AREV environment, TCL is a window, like any other window, stored in the commands file. Thus, by painting the window, we can modify the behaviour and characteristics of TCL. To secure TCL, all that is required is a Post Process on the TCL prompt that checks the user's entry and privilege level to ensure that they are not attempting to do something that we have explicitly forbidden them from doing. The ways in which this could be implemented are manifold, but one way is shown below.


      SUBROUTINE SECURE.TCL
         $INSERT INCLUDE, WINDOW_COMMON%
         IF @PRIVILEGE = 0 THEN
            *
            * As "Super User" permit anything
            *
            WC_VALID% = 1
         END ELSE
            *
            * Only allow the following
            *
            OK = "LIST,SORT,SELECT,MERGE,SAVELIST,SAVE-LIST,GETLIST,GET-LIST"
            * FW is the first space-delimited word of the entry (the command)
            FW = FIELD(WC_IS%, " ", 1)
            * Deny by default; only the checks below can allow the entry
            WC_VALID% = 0
            LOCATE FW IN OK USING "," SETTING POS THEN
               *
               * In allowed list so let through
               *
               WC_VALID% = 1
            END ELSE
               *
               * See if it is one of our catalogued routines; if so, allow it through.
               * Substitute the name of your BP file for BP
               *
               VOC.REC = XLATE("VOC", FW, "", "X")
               IF VOC.REC<1> = "RBASIC" THEN
                  IF VOC.REC<3> = "BP" THEN
                     WC_VALID% = 1
                  END
               END
            END
         END
         * Entry was not allowed, so reject it and tell the user
         IF WC_VALID% ELSE
            CALL MSG("Invalid Command %B%", "T1", "", "")
         END
      RETURN

(Volume 1, Issue 9, Page 10)