Re: More Tkinter questions
Thu, 09 Jun 1994 10:45:06 +0200

(me, on the Tcm "send" command)
> >Why is it an ugly hack? It seems a very neat way to control one
> >application from another. [...]

> It is also a major security hole.

According to the book it turns itself off if you don't use Xauthority
exclusively for authentication (e.g. if you use xhost + hostname), so
the only way you can get burnt is if you yourself run an insecure
application -- and that can harm you in enough other ways already so
we don't have to blame "send"...

> You also are limited to communicating with other X based machines.

Well, since it's intended as a way for communication between apps on
the same screen or display, that hardly seems a drawback, unless you
really want RPC -- in that case you should use RPC of course...

> A Tcp/Ip based implementation is a much better choice.

Actually, some X servers support multiple protocols. Using the X
server as Tk's "send" does makes this transparent to the client.
E.g. if I had a DEC X server supporting DECnet as well as TCP/IP, a Tk
app running on a DECnet client has no problem talking to one on a
TCP/IP client.

> Since Tk is ported to python, maybe someone can port Tcl-DP to
> python as well?

See Bill Janssen's comment -- there is already too much Tcl involved
in using Tk from Python.

Implementing something very similar in Python would be a piece of cake
though (and there's no need for a C extension either since Python has
a full socket interface; there's also a Python example that implements
Sun RPC clients and servers).

But, since Python provides much better low-level interfaces, I doubt
that a solution along the lines of Tcl-DP would be ideal for Python
(if only because of the security risks involved). It's simple to
write TCP or UDP based servers and clients in Python, and for most
situations a one-off protocol (or an existing protocol -- I've
(ab)used HTTP several times) would be better.

--Guido van Rossum, CWI, Amsterdam <>
URL: <>