Overwriting a file on a server

Graham Samuel livfoss at mac.com
Tue Mar 6 23:11:33 CET 2018


OK, I’ll be looking at it: I was not planning to use LiveCode server for this task, although as a matter of fact I do have a copy on the site in question for other purposes.

Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.

Graham

> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> The specific lesson for lc server file uploads is here:
> http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
> 
> but as mentioned, setup https first!
> 
> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> 
>> Graham Samuel wrote:
>> 
>>> However, I don’t seem to be able to mimic what my FTP software
>>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>>> a file on a server  - the file in question is part of a web site
>>> hosted by DreamHost. I just want to use the URL functionality to do
>>> this, as discussed in my conversation below, but I always get 405
>>> (http) or 530 (ftp). I have a vague suspicion that I should be
>>> transmitting my credentials to the server, which of course I did when
>>> I set up my FTP client, but I have absolutely no idea how to do this.
>>> 
>>> Many members of this list must have mucked around with files on a
>>> server - can someone point me to a tutorial on all this?
>> 
>> If there were, it would not be a short one.
>> 
>> If you could delete a file via HTTP alone, then anyone with a browser
>> could delete files on your server.
>> 
>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>> 
>> You could consider FTPS or SFTP, which are not available in the Community
>> Edition but are in others via tsNet - but not without risk:
>> 
>> FTP and its secure variants are designed for ad hoc management of remote
>> file stores. You can delete the file in question, but also any other, and
>> can modify anything on the server in any way you like.
>> 
>> This is useful in tools like Filezilla, where the password is only stored
>> on your own computer.
>> 
>> But if you hard-wire the password in a script, and that script is part of
>> a publicly-distributed app, a memory dump can reveal the key to having
>> complete control over everything on your server.
>> 
>> The most common way for apps to perform write tasks on servers is through
>> an HTTP API, which would require something on the server to process the
>> requests. That something can be PHP, Python, LiveCode Server, or other
>> languages that work well with CGI.
>> 
>> You'd still want some way to authenticate the request, but since it's used
>> only in a server script you write the scope of what can be done with it is
>> much more limited.
>> 
>> And of course that assumes your web server is using HTTPS so credentials
>> can be sent over secured connection, but given the many benefits of HTTPS
>> and the free availability of SSL certs via the Let's Encrypt project
>> (Dreamhost has a convenient option for Let's Encrypt in their control
>> panel) I'm hoping we can assume all web servers managed by developers
>> already have or will soon have HTTPS in place.
>> 
>> A tutorial for getting started with LiveCode Server is here:
>> https://livecode.com/resources/guides/server/
>> 
>> I wish I had a one-liner solution for you.  But in the hostile environment
>> of the Internet, writing network applications requires much more diligence
>> than we used to enjoy back in the day.
>> 
>> --
>> Richard Gaskin
>> Fourth World Systems
>> Software Design and Development for the Desktop, Mobile, and the Web
>> ____________________________________________________________________
>> Ambassador at FourthWorld.com                http://www.FourthWorld.com
>> 
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode




More information about the use-livecode mailing list