A3. Public Terminal Kiosk Configuration ________________________________________________________________ dataComet documentation. (Rev. 1/27/08) Copyright 1995 databeast, Inc. All Rights Reserved. dataComet offers features which help provide more secure and user-proof public access terminals. Many organizations offer public access to their records (such as card catalogs) and other databases and services on the Internet only through time-sharing systems to ensure that the public access workstations are not compromised by user modifications to the workstation's environment, or used in inappropriate ways. You can configure dataComet with some functions disabled for kiosk use to enhance security, e.g., disabling the ability to run a local Shell session (while allowing use of Telnet or SSH to connect to other systems). To do this, use the "Macro" menu item "Set Launch macro..." to set a macro to execute at the time that dataComet is launched. Holding down the Shift key while pressing the "Set" (or "Delete") button in the dialog will write the macro to an internal application resource file as well as the user-level "Comet Default" document (stored in the user's "~/Preferences/dataComet Preferences" folder). NOTE WELL: Make sure that the file permissions on the dataComet application bundle are set so that only the owner has write permission... otherwise the user will be able to modify the Launch macro, and re-enable the functions you wish disabled. For the sake of example, to disable the ability for users to open a new shell in dataComet, paste !\028\195 into the "Set launch macro..." dialog edit field, and hold down the Shift key while pressing the "Set" button. (The "!\028\195" macro disables the "File -> New -> Shell" menu and disables the option in the "Configure Terminal Session" dialog.) Note that if you press "Delete" without holding down the Shift key, the user-level Launch macro will be deleted, without deleting the application-level Launch macro; if you bring up the dialog again, the application-level Launch macro will NOT be displayed. The user can enter a different user-level macro which WILL be displayed in the dialog, which will be executed AFTER the application-level macro, so that no restricted commands may be executed. This allows users to configure useful Launch macros, e.g., automatically opening a set of user session documents, while retaining security. Disabling macro functions: special macro commands are provided specifically for the function of disabling specific macro cabilities: "!--" will disable all macro commands entered up to the end of the Launch macro or the next "!--" macro; "!-\nnn" or "!-" will disable the functions associated with a macro class. See "4. Macros" for more information on macros, and "4.1. macrocodes.h" for a complete list of functions available. Here's a detailed example of disabling different menu items on launch, using the "Macro" menu item "Set Launch macro..." to set a macro to execute at the time that dataComet is launched. (Please note that this macro cannot execute some macro commands, e.g., File "New", since it is executed very early in dataComet's configuration process). Here is an example macro, set within quotation marks: "!\001\193!\001\194!\001\195!\001\196!\001\197!\001\198!\001\199!\001\200! \001\201!\001\202!\001\203!\001\204!\001\205!\001\206!\001\207!\001\208!\0 01\214!\002\202!\013\207!\003\193!\003\194!\003\195!\003\196!\003\197!\003 \198!\003\199!\005\193!\005\194!\005\195!\005\196!\005\197!\005\198!\005\1 99!\005\200!\005\201!\005\202!\005\203!\005\204!\005\205!\005\206!\006\194 !\006\195!\006\196!\006\197" You can execute this macro (likewise the ones below) by selecting the text inside the quotes and pressing "Shift-Enter". You need to copy the macro (again, not including the quotation marks) and paste it into the "Set Launch macro..." dialog to set the launch macro permanently. When you press OK, the macro will be saved in the "Comet Default" document in the System Folder. The macro executes a number of actions which ensure that the user can no longer save data on the Macintosh disk or modify the configuration of dataComet: a) Disable all File menu items except for those related to printing. !\001\193 !\001\194 !\001\195 !\001\196 !\001\197 !\001\198 !\001\199 !\001\200 !\001\201 !\001\202 !\001\203 !\001\204 !\001\205 !\001\206 !\001\207 !\001\208 !\001\214 b) Disable the "Edit" menu "Append file to .edit window..." item to prevent users from opening random files. !\002\202 c) Disable the "Edit -> Selection" menu "Execute macro" item to prevent users from executing macros in an edit window. !\013\207 d) Disable the Window menu items "Reopen", "Close", "Abort", & "Reconfigure...". !\003\193 !\003\194 !\003\195 !\003\196 e) Disable Macro menu items except for user items. !\005\193 !\005\194 !\005\195 !\005\196 !\005\197 !\005\198 !\005\199 !\005\200 !\005\201 !\005\202 !\005\203 !\005\204 !\005\205 f) Disable Telnet menu items. !\006\194 !\006\195 !\006\196 !\006\197 You can allow users to open sessions with a restricted set of hosts by configuring documents for the sessions and including them in the dataComet "Documents" folder, even though the "Open..." dialog has been disabled. To easily get macro lists of items you want to disable, select the Macro menu item "Record actions for macro" and select the menu items while pressing "Shift-Option" with the "Caps Lock" key down. When you're finished selecting menu commands you wish to disable, select "Record end--ready to Paste". You can then paste the recorded disable-menu commands into an edit window for testing, or directly into the "Set Launch macro..." dialog. ________________________________________________________________