OT: Need some offlist help with PHP-SQL

Pi Digital sean at pidigital.co.uk
Tue May 5 17:02:47 EDT 2020


I’m collating my library together. It was built with our specific purposes and had an encryptor I developed myself as the AES library in LC does not work in HTML deployment yet. It will take me another day or so to extract the components into something generic and intuitive. 

Php can be safe if you use encryption and, as one of the others said, ensure it is held in the LC code (as long as that’s encrypted too, so not from the community version of LC; it must be created from Indy or Business or it will be easy to hack). And use good login methods with strong pass keys. If you store User Pass Keys on your database, double or triple encrypt them. Everything else will likely be safe if you set your space to be https only. 

I had started an AES encryptor for HTML deployment but got pulled onto more pressing things. 

Because LC HQ seems uninterested in further development of the HTML platform and recent eco issues my client is rethinking if this is the best way to go. As it stands it does seem high-risk that it becomes outright abandonware in terms of HTML deployment. I’m on tender hooks whether we will continue development given this lack of LC HQ interest. 

Sean Cole
Pi Digital Productions Ltd


> On 5 May 2020, at 20:47, JeeJeeStudio via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> Well that's nonsense that php would not be save, you need to make sure you are not providing reasons for injections.
> 
> You need to use Mysqli or PDO
> 
> You could check here: https://forums.livecode.com/viewtopic.php?f=12&t=27521
> 
> It's described in simple ways how to use PHP scripts using PDO as middleware
> 
> I use it too, there are a lot of tips on the web how to do it save.
> 
> 
> Op 5-5-2020 om 15:27 schreef Rick Harrison via use-livecode:
>> Hi Tiemo,
>> 
>> If I were you, I would not use PHP just for security reasons alone.
>> 
>> My servers are just pounded all the time with hackers trying to
>> find PHP exploits.  They even try to install PHP on my server so
>> they can start hacking away. If you check your server’s log files
>> I am sure you will find similar hackers trying to hack your PHP.
>> They may have already been successful too!
>> 
>> If you can do it, I would recommend turning those PHP scripts into
>> LC scripts as soon as possible.
>> 
>> Good luck,
>> 
>> Rick
>> 
>>>> On May 5, 2020, at 9:16 AM, Tiemo via use-livecode <use-livecode at lists.runrev.com> wrote:
>>> 
>>> Hello,
>>> 
>>> 
>>> 
>>> I have some LC front end software, calling PHP scripts going on a SQL db.
>>> 
>>> The PHP scripts are not made by me and they are about 10 years old. I have
>>> to upgrade the PHP version on the webserver of my hosting provider from 7.1
>>> to 7.4 and within my test environment I am getting some PHP errors when
>>> testing with 7.4. Probably the issue is only a very small syntax thing with
>>> missing parentheses or something like that, but I am not good enough in PHP
>>> to find the issue.
>>> 
>>> If you are willing to help me updating my PHP scripts to 7.4, please give me
>>> a note offlist. I would also like to pay for your work!
>>> 
>>> Thank you!
>>> 
>>> 
>>> 
>>> Tiemo
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode



More information about the use-livecode mailing list