Learn more about TCL application security with our resources.
Tcl is a high-level, general-purpose, interpreted, dynamic programming language. It was designed with the goal of being very simple but powerful. Tcl casts everything into the mold of a command, even programming constructs like variable assignment and procedure definition. Tcl supports multiple programming paradigms, including object-oriented, imperative and functional programming or procedural styles. It is commonly used embedded into C applications, for rapid prototyping, scripted applications, GUIs, and testing. Tcl interpreters are available for many operating systems, allowing Tcl code to run on a wide variety of systems. Because Tcl is a very compact language, it is used on embedded systems platforms, both in its full form and in several other small-footprint versions.
Tk is a free and open-source, cross-platform widget toolkit that provides a library of basic elements of GUI widgets for building a graphical user interface (GUI) in many programming languages. Tk provides a number of widgets commonly needed to develop desktop applications, such as button, menu, canvas, text, frame, label, etc. Tk has been ported to run on most flavors of Linux, Mac OS, Unix, and Microsoft Windows. The popular combination of Tcl with the Tk extension is referred to as Tcl/Tk, and enables building a graphical user interface (GUI) natively in Tcl. Tcl/Tk is included in the standard Python installation in the form of Tkinter.
AOLserver is AOL's open source web server. AOLserver is multithreaded, Tcl-enabled, and used for large scale, dynamic web sites. AOLserver was originally developed by NaviSoft under the name "NaviServer", but changed names when AOL bought the company in 1995. America Online open-sourced the program in 1999. AOLserver was the first HTTP server program to combine multithreading, a built-in scripting language, and the pooling of persistent database connections. For database-backed Web sites, this enabled performance improvements of 100× compared to the standard practices at the time of CGI scripts that opened fresh database connections on every page load. Eventually other HTTP server programs were able to achieve similar performance with a similar architecture. AOLserver is a key component in the Open Architecture Community System (OpenACS) which is an advanced open-source toolkit for developing web applications.
NaviServer is a high performance web server written in C and Tcl. It can be easily extended in either language to create web sites and services; there are over 35 modules available. NaviServer is based on AOLserver (version 4.10), AOL's open-source web server. The NaviServer project started as a fork of the AOLserver project. It is different by supporting multiple protocols, providing higher scalability through aynchronous I/O streaming and aims to be less conservative with new feature development. Historically NaviServer was the original name of the server, a closed-source product by a company called NaviSoft in the early 1990s. It was bought by AOL in 1995, and released as open-source in 1999 as AOLserver after they released Mozilla. This friendly-fork takes the code back to its original name.
AOLserver Dynamic Pages (ADPs), ADPs are HTML pages that are parsed and run on the server when the page is accessed. ADPs contain HTML tags and Tcl scripts that are embedded within the HTML tags. The embedded Tcl scripts can call other Tcl scripts that reside in separate files, allowing you to reuse Tcl code. Probably the easiest way to make AOLserver output dynamic content.
The ArsDigita Community System (ACS) was an open source toolkit for developing community web applications developed primarily by developers associated with ArsDigita Corporation. It was licensed under the terms of the GNU GPL, and is one of the most famous products to be based completely on AOLserver. Although there were several forks of the project, the only one that is still actively maintained is OpenACS. Features of ACS included a core set of APIs, datamodels, and database routines for coordinating information common to all community web applications, as well as modules such as workflow management, CMS, messaging, bug/issue tracking, project tracking, e-commerce, and bboards. The ACS was originally written using the Oracle database and AOLserver threaded web server and thus was a combination of SQL, HTML templates, and Tcl code to merge database results with templates. ACS 3.4, however, was also available with Java Server Pages to run with Apache and Tomcat. In 2001, the code tree was forked, with the Tcl code base being maintained and refactored by one group of developers, while the product line was being re-written in Java EE. In 2002, Red Hat acquired ArsDigita. As a result of this, the Java version was renamed "Red Hat CCM", and official support for the Tcl version ceased. However, the Tcl version continued to be maintained by the OpenACS community.
The Open Architecture Community System, it provides a set of applications, that can be used to deploy web sites that are strong on collaboration. Some of the applications are Workflow, CMS, Messaging, Bug/Issue tracker, e-commerce, blogger, chat and forums. OpenACS also provide an application development toolkit with an extensive set of APIs and services to enable quick development of new applications. Features include permissioning, full internationalization, Ajax, form builder, object model, automated testing, subsites and a powerful package manager. OpenACS runs on AOLserver and NaviServer with either Oracle or PostgreSQL as its database.
TCL known attacks and Vulnerabilities: