Sending mail from on-rev server

Christer Pyyhtiä christer at mindcrea.com
Mon Oct 7 13:23:33 CEST 2013


Avoiding LC on-rev server to become a spam generator is good thinking.  Made me to review the code at both ends making sure there is no way a user from a device could even accidentally access (the mail capability in) the server, the mails being activated only by and within the code in the server. Obviously every access to the server must be protected with password and validated against things like SQL injection trials, not keeping your usernames or passwords in variables and never in global variables but generating those in the fly at both ends and so on.  However, any server system can be hacked into provided you have enough time and money, and then you can plant your own code into it.

The thinking leads to a question would it be possible to password protect your LC code in the server like you can protect the stack in the development system OS/X, Windows and Linux?  The server code is in source format and what I believe 'compiled' every time by LC Server when accessed (found out not any global variables are retained between two consequtive accesses).  Or could the server code be saved only 'compiled', i.e. one would keep the source code in the development system only, and compile into the server?

If it is really about safety, and the tech solution to this at least two weeks old showstopper being just a piece of cake…?

rgds christer








More information about the use-livecode mailing list