contents   index   previous   next



Sample Script

 

Here is a sample ScriptEase Desktop security script. If you use it, then the desktop scripts will not be allowed to use any insecure functions except a few file-related ones. In addition, Clib.fopen() will only be allowed to open files in the C:\temp\ directory.

 

function jseSecurityInit(security_var)

{

   /* allow basic file manipulations, but nothing fancy, and 

   * make sure to examine all open calls very carefully.

   */

   Clib.fopen.setSecurity(jseSecureGuard);

   Clib.fclose.setSecurity(jseSecureAllow);

   Clib.fprintf.setSecurity(jseSecureAllow);

   Clib.fread.setSecurity(jseSecureAllow);

   Clib.fwrite.setSecurity(jseSecureAllow);

}

 

function jseSecurityGuard(security_var, func, filename)

{

   /* we only guard the fopen call, so this should be it */

   Clib.assert( security_var==Clib.fopen );

 

   /* get the full path so the user can't trick us with something

   * like: 'c:\\temp\\..\\windows\\win.ini'

   */

   var actualname = SElib.fullpath(filename);

 

   /* We only want to allow files in this directory to be opened.

   */

   return Clib.strnicmp("c:\\temp\\",actualname,8)==0;

}