Saving images to webserver

Richard Gaskin ambassador at fourthworld.com
Tue Nov 15 18:37:37 CET 2016


John Allijn wrote:

 > I found this thread on the forums: 
http://forums.livecode.com/viewtopic.php?f=11&t=19042
 > If you scroll down, you see the solution at the bottom of the page.
 > Works perfectly!
 > The data that I am sending (pictures of public buildings) isn’t very
 > risky. So I’ll stick with this solution. Maybe a more secure way
 > presents itself in the future :)

Good call.

REST APIs over HTTP are an excellent default choice, where other options 
may become relevant if for some reason a REST API cannot be used.

FTP is indeed too dangerous for anyone to use, and SFTP only secures the 
transmission but does not alter the role of FTP as a means of providing 
ad hoc traversal of a file repository.

Of course if that's what you want that's what you should use. But it's 
often helpful to keep in mind the security principle of Least 
Privileges: only provide as much access as a given task truly requires.

When the goal is to move specific data to a specific location, a REST 
API allows you control over what can and can't be done.  It serves as a 
gatekeeper, allowing you to examine incoming data to ensure that what's 
being sent is what's expected, providing an opportunity to sanitize as 
needed.

For example, an image will have a file name, and with FTP/SFTP that file 
name can be any string that resolves to a valid location on the server. 
The file path could be "~/public_html/something.jpg.php", and once 
installed if the file contains PHP code it could be executable from 
anywhere in the world.

A REST API gives you the opportunity to reject file names that include 
"/", and those which any suffix anywhere in the string which may trigger 
execution, like ".php" or ".lc" (Apache doesn't care if it's the only 
file name extension, or even the last; if configured to handle PHP or 
other scripting engine it'll execute it when requested just the same). 
You could go even further to ensure the ostensible file data also 
includes the "magic number" header that should be present in an image 
file of a given type, though there are reasons why that alone still 
won't be sufficient, and if you've already blocked arbitrary file 
locations that risk has already been mitigated.

HTTP-based REST APIs make an excellent default choice, for their role as 
gatekeeper.  All systems are hackable, but at a minimum we want to use 
common good practices to at least make it challenging for the bad guys 
to get control of our servers.  And as long as we keep Least Privileges 
in mind as we type each line of code, with every decision we make along 
the way our systems become just a little more hardened against attack.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com



More information about the use-livecode mailing list