Settings RdoitSettings/en: Unterschied zwischen den Versionen
Cg (Diskussion | Beiträge) |
Cg (Diskussion | Beiträge) |
||
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
== Remote Doits Enabled == |
== Remote Doits Enabled == |
||
If enabled, a server process is started within expecco, which handles and serves "RDoit" requests. These allow JavaScript/Smalltalk expressions to be evaluated via the rdoit shell command. |
If enabled, a server process is started within expecco, which handles and serves "RDoit" requests. These allow JavaScript/Smalltalk expressions to be evaluated via the rdoit shell command (which is provided as part of the deployed package). |
||
This is especially useful, to start expecco actions via the window manager or from shell/batch scripts. It can also be used to access expecco services from other foreign applications. |
This is especially useful, to start expecco actions via the window manager or from shell/batch scripts. It can also be used to access expecco services from other foreign applications. |
||
=== Warning === |
=== Warning === |
||
The RDoit mechanism is meant as a tool for developers to be used ONLY in a secure network. Under no circumstances should untrusted people be allowed to connect to the rdoit port. Security-wise, it falls into the same category as a telnet port. If at all, it should be configured to only allow connections from the local host. |
The RDoit mechanism is meant as a tool for developers to be used ONLY in a secure network. Under no circumstances should untrusted people be allowed to connect to the rdoit port. Security-wise, it falls into the same category as a telnet port. If at all, it should be configured to only allow connections from the local host. By default, expecco does not open the rdoit port. |
||
RDoit expressions are not evaluated in a secure environment; if enabled, any expression (even destructive) can be evaluated via the rdoit command. |
RDoit expressions are not evaluated in a secure environment; if enabled, any expression (even destructive) can be evaluated via the rdoit command. |
||
Aktuelle Version vom 19. März 2023, 17:59 Uhr
Inhaltsverzeichnis
Remote Doits Enabled[Bearbeiten]
If enabled, a server process is started within expecco, which handles and serves "RDoit" requests. These allow JavaScript/Smalltalk expressions to be evaluated via the rdoit shell command (which is provided as part of the deployed package).
This is especially useful, to start expecco actions via the window manager or from shell/batch scripts. It can also be used to access expecco services from other foreign applications.
Warning[Bearbeiten]
The RDoit mechanism is meant as a tool for developers to be used ONLY in a secure network. Under no circumstances should untrusted people be allowed to connect to the rdoit port. Security-wise, it falls into the same category as a telnet port. If at all, it should be configured to only allow connections from the local host. By default, expecco does not open the rdoit port.
RDoit expressions are not evaluated in a secure environment; if enabled, any expression (even destructive) can be evaluated via the rdoit command. Although exceptions are caught, a bad guy could send you something like "Smalltalk exit" and finish your expecco session. Even worse, attacks are possible by sending something like "OperatingSystem removeFile" to harm your system, or "OperatingSystem executeCommand", to install a virus.
In order to provide a bit of security, the RDoitServer opens a confirmation dialog for every new host trying to connect. This allows denying requests from other hosts.
Also, the rdoit server can be configured to either serve a TCP socket or a unix-domain socket (only in Linux). For TCP sockets you can restrict rdoit access to programs running in the local machine. This is always the case when you use unix domain sockets under Linux. Do not enable acces from remote hosts, if your machine can be reached via untrusted machines (i.e. the internet). Only enable this to a limited set of machines in controlled environments. For example, to partners in a programming team, or to a cooperating host in a secure, controlled multi-machine control application. Never allow for untrusted humans to enter the rDoit command string without validation against a set of allowed, harmless commands.
The "rdoit" command[Bearbeiten]
The rdoit command is provided in the "bin" directory, in parallel with expecco. (In expecco before version 22.1 it is installed as "packages\stx\goodies\rdoit\rdoit.exe").
The other check boxes in the settings dialog control if logging information is to be sent to Smalltalk's transcript or standard output.
Example[Bearbeiten]
Suppose, you have installed the rdoit executable program in your path, you can evaluate Smalltalk expressions from the Windows Powershell or UNIX shell as:
rdoit "SystemBrowser default open"
or, to print the result of some expression:
rdoit -p "1000 factorial"
or, to open a dialog:
rdoit -p "Dialog request:'How are you '"
or, to open a file browser:
rdoit "FileBrowser default open"
