options for safe transfer of data to a server - ?
alex at tweedly.net
Tue Mar 13 13:05:19 CDT 2012
ftp is indeed a security problem, and sftp is not (easily) available -
needs externals, or command line usage, etc.
https:// would be an option - but he would need an ssl cert.
However, if the item to be uploaded is small (sounds like it is), then
you can do it very safely and easily, just as a get URL with the
parameters encrypted from within LC.
LC on the client machine (pseudo code):
put "My machine has been installed" && tMyName && tMyOtherData into
encrypt tDataToSendToServer with des using password "mysecretpassword"
put it into tData
put "http://my.domain.com/registerinstall.lc?data=" &
urlencode(tData) into tURL
get URL (tURL)
(and of course, make sure that you keep the password safe, only do this
within a protected stack, etc.
and on the server, you simply take the data passed, urldecode it,
decrypt it (with the same secretpasword) and log it to the file.
There is a tiny insecurity here - someone could flood you with bad URL
gets and grow you logfile out of control - which can easily be avoided
by passing a security check, e.g. ( add this code immediately before the
get URL above)
put the seconds into tTime
encrypt tTime with des using password "mysecretpassword"
put it into tEncTime
put "?time=" & tTime & "&enctime=" & tEncTime after tURL
and then on the server, verify that the enctime value can be decrypted
to get the time value; only save the data if that matches OK.
On 13/03/2012 12:42, Curt Ford wrote:
> My client wants to have a routine that records when a user first installs the project, by incrementing an item in a text file on his server. We've got it working well with ftp but I'm wondering if whether sending the ftp login& password over regular ftp is a security issue; some digging in the archives makes me think that sftp isn't an option yet.
> Would https:// be an option to write to a file on the server? Would that require that they have an SSL certificate?
> Any ideas on a good way to handle this?
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the use-livecode