[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)

> >the interpreter is made "safe" is to take a fully working tcl interpreter
> >(with full priveleges) at run time, and use TclDeleteCommand() to remove
> >offending commands. Safe-TCL is not emasculated at compile time, but at
> >run time.
> I have been told by folks at Sun that they are planning on doing it at
> compile-time as well as at run-time.  One of the concerns I conveyed
> was that I want to make it easy to "pull out" the safe code and give
> it a security audit.

  SafeTcl or Java? I wish SafeTcl was isolated into a separate library
with compiled-in safety so I could embed it into my applications. As it is
now, I have to just use normal Tcl and hack in the MakeInterpreterSafe()
function which removes dangerous commands.