[511] in WWW Security List Archive


Web Scripting Languages (was: Re: two-way communication in html)

daemon@ATHENA.MIT.EDU (Fisher Mark)
Mon Mar 6 10:39:13 1995

From: Fisher Mark <FisherM@is3.indy.tce.com>
To: "'Phillip M. Hallam-Baker'" <hallam@dxal18.cern.ch>,
        "'www-security'" <www-security@ns2.rutgers.edu>,
        www-talk <www-talk@www10.w3.org>
Date: Mon, 06 Mar 95 05:56:00 PST
Errors-To: owner-www-security@ns2.rutgers.edu


One element of modern application programs that has so far pretty much been 
neglected in Web client development is the integrated scripting language.  I 
see at least 3 uses for a Web scripting language:

1) Building extensions for current browsers;

2) A secure substitute for other CGI scripting languages; and

3) Adding intelligent agent capabilities to the Web.

One possible base for this work would be Safe-Tcl, Nathaniel Borenstein's 
and Marshall Rose's email scripting extension for John Ousterhout's Tcl/Tk. 
 Safe-Tcl uses a two-level interpreter, where the outer interpreter supports 
a carefully limited set of high-level capabilities.  Safe-Tcl is designed 
such that:

a) Modifications to the user's system have to be approved by the user in a 
reasonably high-level fashion;

b) Email generated has to be approved by the user in, again, a reasonably 
high-level fashion; and

c) "Excessive" use of system resources also has to be user-approved.

An additional basic guideline for Web scripting would then be:

d) Modifications to the Web server's system (POST or PUT) would have to be 
approved by the user in a reasonably high-level fashion.

I think that (a)-(d) would suffice as constraints for (1) above (browser 
extensions).


A secure substitute for CGI scripting languages ((2) above) for gateway 
purposes might be handled via the current CERN server's ability to run CGI 
scripts under a separate user ID that has no directory/file write 
permissions anywhere except perhaps to a directory for temporary files.  If 
the gateways can be constructed as one-pass programs, then temporary files 
would not be needed by CGI scripts under OSes that support pipelining.


Intelligent Web agents would:

i) Be able to walk the Web on their own (travel from machine to machine);

ii) Via a specific URL at each host, like 
"http://your.machine.com/Agent-Entry";

iii) Interacting with a specified user ID (like 
"webmaster@your.machine.com") who would have the approval authority from 
constraints (a)-(d) above.

If the URL "http://your.machine.com/Agent-Entry" did not exist, no agent 
could enter that Web.  If agents are permitted entry, capability (iii) along 
with constraints (a)-(d) should enable each site to formulate an appropriate 
policy for agent execution.  "Spiders" could really walk the Web...


I suggest the name "Spider" for this Safe-Tcl extension.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."
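
The two-level arrangement and constraints (a) and (d) described in the message above, sketched as an added example that is not part of the original post or of Safe-Tcl itself. It uses the safe-interpreter facility of present-day Tcl (`interp create -safe`); the command names `approve`, `web_post`, `write_file` and the `policy` table standing in for the user's decision are hypothetical.

```tcl
# Stand-in for the interactive prompt (assumption): a fixed decision table.
# A real browser would show $detail to the user and wait for an answer.
array set policy {post deny write allow}
set audit {}

proc approve {action detail} {
    global policy audit
    set ok [expr {[info exists policy($action)] && $policy($action) eq "allow"}]
    lappend audit [list $action $detail [expr {$ok ? "approved" : "refused"}]]
    return $ok
}

# Trusted implementations exist only in the master (outer) interpreter.
proc web_post {url body} {
    # Constraint (d): server-side modification needs user approval.
    if {![approve post "POST [string length $body] bytes to $url"]} {
        error "POST to $url refused by user"
    }
    return "posted"   ;# a real implementation would send the request here
}
proc write_file {name data} {
    # Constraint (a): local modification needs user approval.
    if {![approve write "write [string length $data] bytes to $name"]} {
        error "write to $name refused by user"
    }
    return "written"  ;# a real implementation would write the file here
}

proc run_untrusted {script} {
    # The safe child has no open, exec, socket or file commands of its own;
    # it reaches the outside world only through the aliases granted here.
    set child [interp create -safe]
    interp alias $child web_post {} web_post
    interp alias $child write_file {} write_file
    set code [catch {interp eval $child $script} result]
    interp delete $child
    return [list $code $result]
}

# Constructed untrusted script: one approved action, one refused action,
# and one attempt to bypass the aliases with a command the child lacks.
set script {
    set r1 [write_file notes.txt "hello"]
    set r2 [catch {web_post http://your.machine.com/form "x=1"} msg]
    set r3 [catch {open notes.txt w} msg2]
    list $r1 $r2 $msg $r3 $msg2
}
puts [run_untrusted $script]
foreach entry $audit { puts $entry }
```

The audit list records every request the script made through an alias, including the refused one, which gives the approving user a reviewable trail.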
