application/x-bdrop; /usr/dt/bin/dtksh /usr/dt/webbackdrops/scripts/security.dtksh %s >/dev/null 2>&1

application/x-bdrop bdrop

You will need to add these entries to the appropriate files, or create the files if necessary, and then restart your web browser. To help you add these entries to your .mailcap and .mime.types files we provide a shell script /usr/dt/webbackdrops/scripts/config_webbackdrops.dtksh . If you want to execute this from the command line, it will add each of these lines to the bottom of the appropriate files in your $HOME directory. These changes will not take affect until web browser(Netscape) gets restarted. So make sure that after running this script that you exit Netscape. You will then be ready to go back to the DtStyle, Backdrop window and select "Office" and try out the sample "Office".

Setting up your own Backdrop.

In order to create your own scripts you first need to create a trigger file. For example you have to reference a file with extension ".bdrop", that file must contain one line with the name of a dtksh script that is in either $HOME/.dt/webbackdrops/scripts, /etc/dt/webbackdrops/scripts, or /usr/dt/webbackdrops/scripts directories. In the example provided, the clock hanging on the wall is associated with URL "file:/usr/dt/webbackdrops/xclock.bdrop". This file(known here as the trigger file) should simply contain one line with the name of the dtksh script to execute. As you can see from the line added to the .mailcap file, /usr/dt/webbackdrops/scripts/security.dtksh gets executed and passed this trigger file. The security.dtksh then parses the first line of your trigger file, and then tries to execute a dtksh script file by that name. It will look in the user's $HOME/.dt/webbackdrops/scripts directory if it cannot find a script there, then it checks /etc/dt/webbackdrops/scripts, and finally /usr/dt/webbackdrops/scripts.

Security Issues

For security reasons, $HOME/.dt/webbackdrops/scripts,/etc/dt/webbackdrops/scripts, and /usr/dt/webbackdrops/scripts are the only directories from which the security.dtksh script will execute. This prevents imagemaps, or an http address from pointing to any other script on your system. Please keep in mind, that with this settup, you could unknowingly run any of the scripts in $HOME/.dt/webbackdrops/scripts, /etc/dt/webbackdrops/scripts, or /usr/dt/webbackdrops/scripts directories. So you should not put any destructive scripts in these directories. If you add the above lines to your .mailcap and .mime.types files, then you must ensure that the appropriate security restrictions be maintained on these directories. Also understand that none of the current shell scripts shipped in the /usr/dt/webbackdrops/scripts directory pose any type of security risk.

What is an example of an unsecure script?

Let's assume that you want to create a hot spot on your image map for shutting down your system. So you create /etc/dt/webbackdrops/scripts/shutdown.dtksh which looks like this:

shutdown -F

You then also create /etc/dt/webbackdrops/shutdown.bdrop which looks like this:

shutdown.dtksh

Now you could create an HTTP reference in your image map that would point to /etc/dt/webbackdrops/shutdown.bdrop and when you click on the reference your machine would do a fast shutdown. Now as the system administrator this sounds like perhaps a good thing to have in your image map. However the problem is that if while you are browsing around the internet, if you ever come across a HTTP reference to "file:/etc/dt/webbackdrops/shutdown.bdrop" your system would get shutdown.

Therefore you should not put anything in the dtksh directories that would be destructive if accidentally run.