Overwriting a file on a server

Richard Gaskin ambassador at fourthworld.com
Tue Mar 6 11:33:08 EST 2018


Graham Samuel wrote:

 > However, I don’t seem to be able to mimic what my FTP software
 > (Transmit on the Mac, or FileZilla) can do, which is to easily delete
 > a file on a server  - the file in question is part of a web site
 > hosted by DreamHost. I just want to use the URL functionality to do
 > this, as discussed in my conversation below, but I always get 405
 > (http) or 530 (ftp). I have a vague suspicion that I should be
 > transmitting my credentials to the server, which of course I did when
 > I set up my FTP client, but I have absolutely no idea how to do this.
 >
 > Many members of this list must have mucked around with files on a
 > server - can someone point me to a tutorial on all this?

If there were, it would not be a short one.

If you could delete a file via HTTP alone, then anyone with a browser 
could delete files on your server.

FTP is unsafe to use on the Internet, as it sends passwords in clear text.

You could consider FTPS or SFTP, which are not available in the 
Community Edition but are in others via tsNet - but not without risk:

FTP and its secure variants are designed for ad hoc management of remote 
file stores. You can delete the file in question, but also any other, 
and can modify anything on the server in any way you like.

This is useful in tools like Filezilla, where the password is only 
stored on your own computer.

But if you hard-wire the password in a script, and that script is part 
of a publicly-distributed app, a memory dump can reveal the key to 
having complete control over everything on your server.

The most common way for apps to perform write tasks on servers is 
through an HTTP API, which would require something on the server to 
process the requests. That something can be PHP, Python, LiveCode 
Server, or other languages that work well with CGI.

You'd still want some way to authenticate the request, but since it's 
used only in a server script you write the scope of what can be done 
with it is much more limited.

And of course that assumes your web server is using HTTPS so credentials 
can be sent over secured connection, but given the many benefits of 
HTTPS and the free availability of SSL certs via the Let's Encrypt 
project (Dreamhost has a convenient option for Let's Encrypt in their 
control panel) I'm hoping we can assume all web servers managed by 
developers already have or will soon have HTTPS in place.

A tutorial for getting started with LiveCode Server is here:
https://livecode.com/resources/guides/server/

I wish I had a one-liner solution for you.  But in the hostile 
environment of the Internet, writing network applications requires much 
more diligence than we used to enjoy back in the day.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com




More information about the Use-livecode mailing list