Protecting Log In Info

Dave Cragg dcragg at lacscentre.co.uk
Fri Jun 3 08:54:10 EDT 2005


On 3 Jun 2005, at 02:22, Sivakatirswami wrote:
>
> set the uLogINs of this stack to "fooNameUser,barPassword"
>
> scripts can later:
>
> put item 1 of the uLogINs of this stack into tUser
> put item 2 of the uLogINs of this stack into tPassword
>
> put fld "yourEssayOnWhatever" into url ("ftp:" & tUser & ":" &  
> tPassword &"@somedomain.com/incoming/newEssay.txt")
>
> This should work.. but the logIns are unavailable in any context  
> without the passkey... correct?

With a copy of Rev, anyone can access the custom properties in a  
stack, even if the stack has the password set. So if someone  
"guesses" the login info is held in a custom property, it wouldn't  
take them long to find it.

>
> ...and this is about as secure as we can make it where the goal is to  
> provide an FTP client to a third party that allows uploads to your  
> server.

Where I've had to do this before, I had the client app load the  
FTP credentials from a stack held on a web server. The stack was  
obtained through a CGI which authenticated the request. In this case,  
the client app itself also had a login system with ID and password,  
and these login credentials were used as part of the authentication  
process in the CGI.

It wasn't completely secure, but by keeping the credentials on the  
server instead of embedded in a local stack, it enabled changing the  
FTP user name and password at any time.

Dave
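
The server-side arrangement described in the reply above, as an added sketch that is not part of the original message or thread. It is written in Python rather than as a Rev CGI, and the class, method names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so the server never stores app passwords in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class CredentialBroker:
    """Holds the FTP login on the server; the client app never embeds it."""

    def __init__(self, ftp_user: str, ftp_password: str):
        self._ftp = (ftp_user, ftp_password)
        self._accounts = {}  # app user id -> (salt, password hash)
        self._dummy_salt = os.urandom(16)

    def add_account(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[user_id] = (salt, hash_password(password, salt))

    def remove_account(self, user_id: str) -> None:
        # Revoking one app user does not require touching the FTP login.
        self._accounts.pop(user_id, None)

    def rotate_ftp(self, ftp_user: str, ftp_password: str) -> None:
        # Changing the FTP login needs no new client build.
        self._ftp = (ftp_user, ftp_password)

    def fetch(self, user_id: str, password: str):
        """Return the current FTP login for a valid app login, else None."""
        # Unknown users still cost one hash, so timing does not reveal
        # which user ids exist.
        salt, expected = self._accounts.get(user_id, (self._dummy_salt, b""))
        supplied = hash_password(password, salt)
        if not hmac.compare_digest(supplied, expected):
            return None
        ftp_user, ftp_password = self._ftp
        return {"ftp_user": ftp_user, "ftp_password": ftp_password}
```

An authenticated client still learns the FTP login once it has fetched it, so what this buys is per-user revocation and rotation of the FTP password at any time.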

