You are here
The Safe-Tcl Security Model
Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language. It allows untrusted scripts (applets) to be executed while preventing damage to the environment or leakage of private information. Safe-Tcl uses a padded cell approach: each applet is isolated in a safe interpreter where it cannot interact directly with the rest of the application. The execution environment of an applet is controlled by a trusted script running in a master interpreter. Safe-Tcl supports applets using multiple security policies within an application. These policies determine what an applet can do, based on the degree to which the applet is trusted. Safe-Tcl separates security management into well-defined phases that are geared towards the party responsible for each aspect of security.