mod_dtcl

mod_dtcl is an implementation of server-parsed tcl for the Apache web server. It is fast, light, simple and easy to use. More information may be had at http://tcl.apache.org/mod_dtcl/


Apparently, serious development attention has moved from this module to Rivet.


From the Tcl chatroom on 2001-11-05:

Micailah: does anyone know if mod_dtcl works on windows 98 if not is there a tcl module for apache server for win98?

Pat Thoyts: Sorry - I was elsewhere - I use mod_dtcl on win98 myself. There are some funny things to do to install it. One is to rename the file to ApacheModuleDtcl.dll and place it into the modules subdirectory of apache. Then add the following line to httpd.conf:

 LoadModule dtcl_module modules/ApacheModuleDtcl.dll 

near the modules section plus these lines near the other AddHandler lines:

 AddType application/x-httpd-tcl .ttml 
 AddType application/x-dtcl-tcl .dtcl 

To test put something like this in htdocs/test.dtcl

package require html
puts [eval {
    html::init
    html::author "Me <self@localhost>"
    html::description "test out the Dtcl module for Apache."
    html::head "DTcl Test Page"
}]

puts [html::h1 [html::getTitle]]
puts [array get tcl_platform]
puts [html::end]

and browse to it.

  • clock : 1004976001 : Nov 5,2001 Monday 4pm GMT

Pat Thoyts: Bad news for the dtcl security. The following page code does delete the file:

catch {file delete c:/zz.z} msg 
puts "<p>$msg</p>"

mod_dtcl has all the permissions that Apache does, which means two things:

  1. without doing something clever in the BeforeScript and AfterScript configuration variables, dtcl probably isn't ideal for an environment where lots of users have access to it. It *does* have separate interpreters for different virtual hosts, though.
  2. security is based on giving things the correct permissions. Your web server should not have write access to much, for example.

- davidw

This strikes me as a possible extra benefit of VFS -- we could define a vfs which traps all filesystem access outside of a given directory and throws an error; thus effectively (and provably) limiting Tcl to one particular subset of files.