Secure connection to server

Neville Smythe neville.smythe at optusnet.com.au
Mon Dec 28 20:25:26 EST 2020


I have now moved all my code from php to LiveCode server as the middle-ware.

Firstly it appears that the LiveCode post operation does reuse authentication credentials to an https connection as long as calls are made within a single script. In my case the first call typically takes slightly more than 1 second, subsequent calls in the same script take under half a second.

This is still not adequate to conduct a conversation with the remote database, as was possible when connecting directly, but at least in my case I can get away with just two calls from clients to server: first “tell me the current status of all this stuff”, second “please update the db using this stuff”. It means packing and unpacking “stuff” into large files at each end, but LC is so easy and efficient at text processing that was not difficult. Indeed as usual with refactoring, I found a number of code improvements.

The remaining really slow operation involves managing the mail distribution lists. DreamHost is still using Mailman 2.x, so that the only way to get the current list of subscribers is to scrape the admin web pages. There is a well-known subscriberlist.py Python script to do this but it is painfully slow. When used directly (insecurely) from the client, this took 10 seconds or so to gather 175 subscribers. Transferring this to the server side with lc authentication in-between, it now takes 14 to 15 seconds; I’m not sure why it is more than 2 seconds slower but it is what it is. I have rewritten this as an lc script, which shaves a couple of seconds off; to be fair the Python script is doing rather more than my lc script as it is much more generic. And on the other hand I can understand what my script is doing, whereas the Python script is rather opaque (to me).

So overall I am very happy with LC server. And I have a new toy to play with for the New Year.

Neville

> On 16 Dec 2020, at 11:32 am, Neville Smythe <neville.smythe at optusnet.com.au> wrote:
> 
> A little while ago in this forum we were alerted to the fact that LC direct connection to a remote database not using SSL was a security hole. This also applies to managing Mailman lists on a remote server.
> 
> After a steep (re-)learning curve with the various technologies, I now have a working method in place for both mysql and Mailman connections, using php as middleware and posting via curl in a shell script. But it is sooo slooow.
> 
> Direct connection downloaded an sql query in a fraction of a second. It now takes over a second. This is acceptable (barely) for an isolated call, but I sometimes need to make a sequence of posts. As I understand it, the slowness is due to the time required to establish the secure connection, not an LC problem. For example establishing an ssh connection in Terminal is even slower; but once established an ssh session is super fast. Similarly curl will reuse authentication credentials within a shell session, so I aggregate as many calls as I can with a single shell script before using shell(myscript), and this definitely helps.
> 
> What I would like to do however is use LC server as the middleware: I could then process the required data on the server side; I could not contemplate using php to do this. I suspect the LC post command uses curl under the hood, but I also suspect each post call would create its own session. I don’t think it is possible to establish a single session to talk sequentially to lcserver; if so this would be too slow. Am I correct? 
> 
> Actually I guess I could just use my present method using curl and shell() instead of post, but addressed to an .lc script instead of .php?
> 
> Or is there a whole better way to do what I want? 
> 
> Neville Smythe
> 
> 





More information about the use-livecode mailing list