Making the content of LC Server Scripts Safe

John Craig john at splash21.com
Thu May 22 12:43:15 EDT 2014


Agreed - always include your credentials from another file - plenty of 
wise replies!  :)


On 22/05/2014 17:04, Matthias Rebbe | M-R-D wrote:
> Yes and no. If for whatever reason the lc server engine is not running or misconfigured, then it could happen that the content of that .lc script will be outputted. So the best thing would be to place the script outside the public_html folder as AndyP suggested. You could then create a script within the public_html folder which uses the include command to include that "outside" script. In case the lc engine is not running or is misconfigured, then you will only see the include… command and not the content of the complete "confidential" script.
>
> Regards,
>
> Matthias
>
> On 22.05.2014 at 10:01, John Craig <john at splash21.com> wrote:
>
>> A server .lc file is parsed by the server and only its output is ever sent to the browser (not the source code), so the code is safe :)
>>
>>
>>
>> On 22/05/2014 05:31, Nakia Brewer wrote:
>>> Afternoon all,
>>>
>>> As I venture down the road of learning what the wonders of LC Server scripts can do, I find myself wondering how safe the content of these scripts is.
>>> Being completely new to Web and Server development it's probably a silly question but for example:
>>>
>>> I have an LC Server script that is called from a mobile testing app that records the device's location into a MySQL Database using $_GET params.
>>> In the LC Server Script file resides all my connection details for my database etc.
>>>
>>> So, what stops someone from accidentally stumbling across that URL and getting the content of that file?
>>>
>>> Or am I completely not understanding?
>>>
>>> Sorry in advance :)
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>
>
>
>
>
>
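
An added example, not part of the thread and not LiveCode's own tooling: a Python audit of a web root that flags .lc files which would expose credentials if the engine ever served them as plain text. It assumes includes use a quoted literal path resolved against the including file's folder, and that credential lines mention revOpenDatabase or a password variable; the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumptions: include "<literal path>" resolves against the including file's
# folder; credential lines mention revOpenDatabase or a password variable.
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"', re.I)
SECRET_RE = re.compile(r"revOpenDatabase|passw(or)?d", re.I)

def is_inside(path, root):
    root = os.path.realpath(root)
    return os.path.commonpath([os.path.realpath(path), root]) == root

def audit_docroot(docroot):
    """Return sorted (file, line, issue) findings for .lc files under docroot."""
    findings = []
    for folder, _dirs, names in os.walk(docroot):
        for name in (n for n in names if n.lower().endswith(".lc")):
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, docroot)
            with open(full, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    m = INCLUDE_RE.search(line)
                    if m and is_inside(os.path.join(folder, m.group(1)), docroot):
                        findings.append((rel, no, "include target is web-reachable"))
                    elif not m and SECRET_RE.search(line):
                        findings.append((rel, no, "credential-like line in docroot"))
    return sorted(findings)

# Constructed sample tree: record.lc follows the advice, the others do not.
SAMPLE = {
    "private/db.lc": '<?lc put "constructed-pw" into tPassword ?>\n',
    "public_html/record.lc": '<?lc include "../private/db.lc" ?>\n',
    "public_html/old.lc": '<?lc put revOpenDatabase("mysql","localhost","tracker","app","constructed-pw") into tConn ?>\n',
    "public_html/report.lc": '<?lc include "inc/db.lc" ?>\n',
    "public_html/inc/db.lc": '<?lc put "constructed-pw" into tPassword ?>\n',
}

def demo():
    with tempfile.TemporaryDirectory() as base:
        for rel, text in SAMPLE.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_docroot(os.path.join(base, "public_html"))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The stub record.lc produces no finding because its include target resolves outside public_html, which is the layout the replies recommend.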
