
Securing TCL Access

| Published By | Date | Version | Knowledge Level | Keywords |
| --- | --- | --- | --- | --- |
| Sprezzatura Ltd | 01 MAR 1990 | 1.15+ | EXPERT | TCL, SECURE, @PRIVILEGE, WC_VALID%, WINDOW_COMMON% |

One of the most powerful features of AREV is TCL. Therein lies both its usefulness and its danger. Giving users TCL access is something that I have always counselled against, as it is so difficult to ensure that they do not do anything to destroy the system. However, here is a technique that makes this concern a thing of the past.

In the AREV environment, TCL is a window, like any other window, stored in the commands file. Thus, by painting the window, we can modify the behaviour and characteristics of TCL. To secure TCL, all that is required is a Post Process on the TCL prompt that checks the user's entry and privilege level to ensure that they are not attempting to do something that we have explicitly forbidden them from doing. The ways in which this could be implemented are manifold, but one way is shown below.

  SUBROUTINE SECURE.TCL
     $INSERT INCLUDE, WINDOW_COMMON%
     IF @PRIVILEGE = 0 THEN
        *
        * As "Super User" permit anything
        *
        WC_VALID% = 1
     END ELSE
        *
        * Only allow the following
        *
        OK = "LIST,SORT,SELECT,MERGE,SAVELIST,SAVE-LIST,GETLIST,GET-LIST"
        * First word of the user's entry (everything up to the first space)
        FW = WC_IS%[1, "F "]
        WC_VALID% = 0
        LOCATE FW IN OK USING "," SETTING POS THEN
           *
           * In allowed list so let through
           *
           WC_VALID% = 1
        END ELSE
           *
           * See if it is one of our catalogued routines; if so, allow it through.
           * Substitute the name of your BP file for BP
           *
           VOC.REC = XLATE("VOC", FW, "", "X")
           IF VOC.REC<1> = "RBASIC" THEN
              IF VOC.REC<3> = "BP" THEN
                 WC_VALID% = 1
              END
           END
        END
     END
     IF WC_VALID% ELSE
        CALL MSG("Invalid Command %B%", "T1", "", "")
     END
  RETURN

(Volume 1, Issue 9, Page 10)
