Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

How do I secure a msgcat file?

5 views

Skip to first unread message

Matthias Kraft

unread,

Sep 7, 2005, 9:34:32 AM9/7/05

Hi everybody,

if I understand ::msgcat::mcload correctly, it loads <lang>.msg files
from a specified directory and executes them. It does not matter if
they really only contain mcset directives, but may also contain any
Tcl script. Is that right?

If so, how do I ensure the content does not interfer with my
application, e. g. overwriting procs/variables etc.?

kind regards
--
Matthias Kraft
Software AG, Germany

(They that can give up essential liberty to obtain a little temporary)
(safety deserve neither liberty nor safety. -- Benjamin Franklin)

Kevin Kenny

unread,

Sep 21, 2005, 10:37:09 AM9/21/05

Matthias Kraft wrote:
> Hi everybody,
>
> if I understand ::msgcat::mcload correctly, it loads <lang>.msg files
> from a specified directory and executes them. It does not matter if
> they really only contain mcset directives, but may also contain any
> Tcl script. Is that right?
>
> If so, how do I ensure the content does not interfer with my
> application, e. g. overwriting procs/variables etc.?

Uhm. Keep the msgs directory secure, as you would any other directory
containing Tcl code that's "part of" your application. The .msg files
that are shipped with Tcl/Tk are "well behaved," but you *do* need to
be careful.

For whatever it's worth, [mcload] is careful about locale names so that
they can't, for example, contain '../' - locale files should never be
able to escape the current directory.

--
73 de ke9tv/2, Kevin

0 new messages