leap to future

Richard Gaskin ambassador at fourthworld.com
Fri Feb 19 15:23:59 EST 2016

Sannyasin Brahmanathaswami wrote:

 > SFTP was not on the list! That's continues to be such an irritation
 > that this is not prioritized.
 > see bug: bug 6405<http://quality.livecode.com/show_bug.cgi?id=6405>
 > Please, everyone go and vote.

The voting system was retired years ago.  For the sake of keeping 
reports actionable please add only technical details to reports that can 
further the work of implementing them.

I agree that this would be a very valuable addition, and IIRC Kevin's 
said previously that it would be included along with an even higher 
priority for modern work, OAuth2, as part of the network library 
overhaul that was included among the Kickstarter goals.

I believe that library will be written in LC Builder, which is coming 
together as part of v8.0, in development now.

Exactly how soon after that the team will be in a position to work on 
the new networking library is something only the team can comment on, 
but the foundation needed for it is being worked on right now.

 > Please, Please PLEEZE! Prioritize this request. it is much more
 > important that your realize.  95% of all apps today must communicate
 > with the web. This means the teacher, the enterprise, the business,
 > the developer etc. must be transferring files to the web server.

As useful as SFTP is for many things, it may not be the best choice for 
all of the use cases outlined there.

FTP/SFTP gives unbridled access to the entire server, at least as far as 
the account can get to.  If uploading content to a web server, this 
means all publicly accessible files on that server as well as private 
configuration files. Unless used with great care, it's very easy to 
move, modify, or even delete files on a server, perhaps unintentionally 
and with unpredictable results.

For this reason most web sites that need content contributions from 
distributed stakeholders create HTTP-based APIs for that.  This allows 
much more control over what can be sent and how it's handled, and as 
such is much more secure.  Extra bonus points that HTTP/HTTPS is often 
more more efficient than FTP/SFTP.

Using LiveCode Server right now we can craft an upload receiver script 
in minutes - the sample code has already been delivered with a tutorial:

Some stakeholders may indeed need complete access to the server, but for 
the most part those are developers, or at a minimum trusted team members 
with reasonable technical skills.  Developers will probably already have 
shared SSH keys in place so they can enjoy the greater efficiency of 
rsync for file transfers, and once there's a shared SSH key in place 
rsync, scp, and other file transfer tools can be used in automated 
solutions built with LiveCode today using the shell function.

Once we get past the larger use case of folks with limited skills for 
which the control of an HTTP-based API is a good fit, and developers who 
probably already have a shared SSH key on the server, the remainder does 
indeed represent a good case for which SFTP would be very useful.  But 
it is, in all fairness, a subset getting ever smaller as more orgs 
develop APIs to automate content transfer.

  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  Ambassador at FourthWorld.com                http://www.FourthWorld.com

More information about the use-livecode mailing list