Making the content of LC Server Scripts Safe

Richard Gaskin ambassador at fourthworld.com
Thu May 22 12:13:30 EDT 2014


Devin Asay wrote:

 > As John said .lc files are parsed by the server and only the output
 > is visible to the browser. But I'm like you, when storing things
 > like MySQL login credentials I'm nervous about saving them in plain
 > text, even in a .lc file. So I take the extra step of storing the
 > credentials in an encrypted form in a file separate from the .lc
 > script that calls it. Then I have the .lc script read in and decrypt
 > the login credentials before logging in to the MySQL server. It may
 > be overkill and one extra step, but most hackers go for the
 > low-hanging fruit. I figure this makes it harder, so the bad guys
 > will just move on to other targets.
 >
 > My $.02.

Here's another $0.02, raising the total value to $0.04, courtesy of Dave 
Cragg, author of libURL and other good stuff:

Whenever practical, it may be useful to store critical data outside the 
web root folder, e.g.:

accountfolder/
    encryptedpasswords.txt
    ht-docs/
        .htaccess
        index.lc
        cgi-bin/
            livecode-server

The security benefit here is minor, really only protecting the data from 
cases in which Apache fails to handle .htaccess correctly.

Once moved outside the web root, getting that data requires either total 
failure of permissions enforcement by Apache (something I've never 
seen), or complete access to your server (something we see often, 
usually from weak passwords*, and in which case you have bigger issues 
to worry about because everything on your site is completely pwned).

Minor as it is to store data outside the web root, as with all things 
security each little improvement is just one less potential exploit, so 
where there's no downside it's probably worth doing.

As Dave says about moving even the server engine outside web root, "It's 
like the difference between quiche and egg pie!" :)


* Lately I use shared SSH keys for passwordless login to my servers, not 
only for the convenience but also because it allows me to use scp, rsync 
and other Linux utilities from LiveCode.

On dedicated servers (where you have access to sshd.conf), once you have 
your shared keys set up you can take that one step further and 
completely turn off password authentication altogether, making the 
system immune to brute force attacks.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com
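As an added example (not code from the original post or from Dave or Devin), here is how an index.lc sitting in ht-docs/ could read the encrypted credentials file from one level above the web root, decrypt it, and only then open the MySQL connection. The file layout follows the listing above; the passphrase source (an environment variable LC_CRED_KEY that Apache is assumed to pass to the CGI environment), the three-line host/user/password layout of the decrypted file, and the database name "mydb" are assumptions.

```livecode
<?lc
-- Assumed layout: accountfolder/encryptedpasswords.txt beside accountfolder/ht-docs/
-- Assumed: Apache exports the decryption passphrase as LC_CRED_KEY (e.g. via SetEnv
-- in the vhost config), so neither the key nor the ciphertext lives in the web tree.

function credentialsPath
   -- DOCUMENT_ROOT is ht-docs; step up one folder to reach the credentials file
   local tRoot
   put $_SERVER["DOCUMENT_ROOT"] into tRoot
   if the last char of tRoot is "/" then delete the last char of tRoot
   set the itemDelimiter to "/"
   return (item 1 to -2 of tRoot) & "/encryptedpasswords.txt"
end credentialsPath

function loadCredentials
   -- Returns the decrypted credential block (host, user, password on three lines),
   -- or empty if the file cannot be read or decrypted.
   local tCipherText, tKey
   put url ("binfile:" & credentialsPath()) into tCipherText
   if the result is not empty or tCipherText is empty then return empty
   put $_SERVER["LC_CRED_KEY"] into tKey
   if tKey is empty then return empty
   -- Ciphertext was produced with the matching encrypt command (assumed AES-256-CBC,
   -- password mode); the plaintext lands in "it", any failure in "the result"
   decrypt tCipherText using "aes-256-cbc" with password tKey
   if the result is not empty then return empty
   return it
end loadCredentials

local tCreds, tConnId
put loadCredentials() into tCreds
if tCreds is empty then
   -- Keep the reason out of the browser output; log it server-side instead
   put "Configuration error"
else
   put revOpenDatabase("mysql", line 1 of tCreds, "mydb", \
         line 2 of tCreds, line 3 of tCreds) into tConnId
   if tConnId is not an integer then
      put "Database unavailable"
   else
      -- ... run queries with tConnId here ...
      revCloseDatabase tConnId
   end if
end if
?>
```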