Re: Overwriting a file on a server

2018-03-07 Thread Graham Samuel via use-livecode
Hi Bob

Yes, that works - since the file is tiny, just trying to download it and seeing 
what you get works  too (not a good strategy in general, I agree). The problem 
was the overwriting of the file - Richard G and other folks have pointed out 
that it would be extremely dangerous in the whole internet world if that were 
easy! I was in retrospect being extremely naive. What it’s done to me is to 
make me reconsider the way my app works, and I’ve chosen another way of dealing 
with my requirement by using local application storage. This just happens to 
work in my particular case.

Cheers

Graham

> On 7 Mar 2018, at 04:42, Bob Sneidar via use-livecode 
>  wrote:
> 
> if there is a file?
> 
> Bob S
> 
> 
>> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode 
>>  wrote:
>> 
>> How can I grow my own, by detecting the existing file and then overwriting 
>> it anyway? 
> 
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Bob Sneidar via use-livecode
Oh, by server, you mean WEB server. NVM.

Bob S


> On Mar 6, 2018, at 19:42 , Bob Sneidar via use-livecode 
>  wrote:
> 
> [This message was identified as a phishing scam. Learn about phishing at 
> http://aka.ms/LearnAboutPhishing]
> 
> if there is a file?
> 
> Bob S
> 
> 
>> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode 
>>  wrote:
>> 
>> How can I grow my own, by detecting the existing file and then overwriting 
>> it anyway?
> 
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: Overwriting a file on a server

2018-03-06 Thread Bob Sneidar via use-livecode
if there is a file?

Bob S


> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode 
>  wrote:
> 
> How can I grow my own, by detecting the existing file and then overwriting it 
> anyway? 


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: Overwriting a file on a server

2018-03-06 Thread Charles Warwick via use-livecode
Hi,

> Graham Samuel wrote:
> 
>> However, I don’t seem to be able to mimic what my FTP software
>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>> a file on a server  - the file in question is part of a web site
>> hosted by DreamHost. I just want to use the URL functionality to do
>> this, as discussed in my conversation below, but I always get 405
>> (http) or 530 (ftp). I have a vague suspicion that I should be
>> transmitting my credentials to the server, which of course I did when
>> I set up my FTP client, but I have absolutely no idea how to do this.

Using delete via HTTP will generally fail unless the HTTP server and website 
are specifically configured to allow it (it would usually also require 
credentials).  Some HTTP APIs do allow the DELETE method.  I expect this is not 
what you are after. :-)

As you mentioned above, Transmit would be doing this via FTP, but you would 
need to send your credentials as part of the request.  You can do this with put 
URL and delete URL (for any supported protocol) by encoding them into the URL 
that you use like this:

put urlEncode(“username”) into tUser
put urlEncode(“password”) into tPass
put “ftp://“ & tUser & “:” & tPass & “@ftp.mydomain.com/path/to/file.txt” into 
tUrl

I expect that would likely solve your issue, but as Richard has mentioned, 
there are security issues to be considered that are all dependant on the 
environment that you are using your application in.

Cheers.

Charles



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Graham Samuel via use-livecode
In case anyone was holding their breath, I have just realised that the data I 
wanted to store on the server can be stored elsewhere (in the application data 
area, as a property of a stack). So I won’t be in such a hurry to learn this 
stuff, though I know its value and will do so eventually.

Graham

I wrote just now:

> OK, I’ll be looking at it: I was not planning to use LiveCode server for this 
> task, although as a matter of fact I do have a copy on the site in question 
> for other purposes.
> 
> Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.
> 
> Graham
> 
>> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode 
>>  wrote:
>> 
>> The specific lesson for lc server file uploads is here:
>> http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
>> 
>> but as mentioned, setup https first!
>> 
>> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
>> use-livecode@lists.runrev.com> wrote:
>> 
>>> Graham Samuel wrote:
>>> 
 However, I don’t seem to be able to mimic what my FTP software
 (Transmit on the Mac, or FileZilla) can do, which is to easily delete
 a file on a server  - the file in question is part of a web site
 hosted by DreamHost. I just want to use the URL functionality to do
 this, as discussed in my conversation below, but I always get 405
 (http) or 530 (ftp). I have a vague suspicion that I should be
 transmitting my credentials to the server, which of course I did when
 I set up my FTP client, but I have absolutely no idea how to do this.
 
 Many members of this list must have mucked around with files on a
 server - can someone point me to a tutorial on all this?
>>> 
>>> If there were, it would not be a short one.
>>> 
>>> If you could delete a file via HTTP alone, then anyone with a browser
>>> could delete files on your server.
>>> 
>>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>>> 
>>> You could consider FTPS or SFTP, which are not available in the Community
>>> Edition but are in others via tsNet - but not without risk:
>>> 
>>> FTP and its secure variants are designed for ad hoc management of remote
>>> file stores. You can delete the file in question, but also any other, and
>>> can modify anything on the server in any way you like.
>>> 
>>> This is useful in tools like Filezilla, where the password is only stored
>>> on your own computer.
>>> 
>>> But if you hard-wire the password in a script, and that script is part of
>>> a publicly-distributed app, a memory dump can reveal the key to having
>>> complete control over everything on your server.
>>> 
>>> The most common way for apps to perform write tasks on servers is through
>>> an HTTP API, which would require something on the server to process the
>>> requests. That something can be PHP, Python, LiveCode Server, or other
>>> languages that work well with CGI.
>>> 
>>> You'd still want some way to authenticate the request, but since it's used
>>> only in a server script you write the scope of what can be done with it is
>>> much more limited.
>>> 
>>> And of course that assumes your web server is using HTTPS so credentials
>>> can be sent over secured connection, but given the many benefits of HTTPS
>>> and the free availability of SSL certs via the Let's Encrypt project
>>> (Dreamhost has a convenient option for Let's Encrypt in their control
>>> panel) I'm hoping we can assume all web servers managed by developers
>>> already have or will soon have HTTPS in place.
>>> 
>>> A tutorial for getting started with LiveCode Server is here:
>>> https://livecode.com/resources/guides/server/
>>> 
>>> I wish I had a one-liner solution for you.  But in the hostile environment
>>> of the Internet, writing network applications requires much more diligence
>>> than we used to enjoy back in the day.
>>> 
>>> --
>>> Richard Gaskin
>>> Fourth World Systems
>>> Software Design and Development for the Desktop, Mobile, and the Web
>>> 
>>> ambassa...@fourthworld.comhttp://www.FourthWorld.com
>>> 
>>> 
>>> ___
>>> use-livecode mailing list
>>> use-livecode@lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>> ___

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Graham Samuel via use-livecode
OK, I’ll be looking at it: I was not planning to use LiveCode server for this 
task, although as a matter of fact I do have a copy on the site in question for 
other purposes.

Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.

Graham

> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode 
>  wrote:
> 
> The specific lesson for lc server file uploads is here:
> http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
> 
> but as mentioned, setup https first!
> 
> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
> use-livecode@lists.runrev.com> wrote:
> 
>> Graham Samuel wrote:
>> 
>>> However, I don’t seem to be able to mimic what my FTP software
>>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>>> a file on a server  - the file in question is part of a web site
>>> hosted by DreamHost. I just want to use the URL functionality to do
>>> this, as discussed in my conversation below, but I always get 405
>>> (http) or 530 (ftp). I have a vague suspicion that I should be
>>> transmitting my credentials to the server, which of course I did when
>>> I set up my FTP client, but I have absolutely no idea how to do this.
>>> 
>>> Many members of this list must have mucked around with files on a
>>> server - can someone point me to a tutorial on all this?
>> 
>> If there were, it would not be a short one.
>> 
>> If you could delete a file via HTTP alone, then anyone with a browser
>> could delete files on your server.
>> 
>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>> 
>> You could consider FTPS or SFTP, which are not available in the Community
>> Edition but are in others via tsNet - but not without risk:
>> 
>> FTP and its secure variants are designed for ad hoc management of remote
>> file stores. You can delete the file in question, but also any other, and
>> can modify anything on the server in any way you like.
>> 
>> This is useful in tools like Filezilla, where the password is only stored
>> on your own computer.
>> 
>> But if you hard-wire the password in a script, and that script is part of
>> a publicly-distributed app, a memory dump can reveal the key to having
>> complete control over everything on your server.
>> 
>> The most common way for apps to perform write tasks on servers is through
>> an HTTP API, which would require something on the server to process the
>> requests. That something can be PHP, Python, LiveCode Server, or other
>> languages that work well with CGI.
>> 
>> You'd still want some way to authenticate the request, but since it's used
>> only in a server script you write the scope of what can be done with it is
>> much more limited.
>> 
>> And of course that assumes your web server is using HTTPS so credentials
>> can be sent over secured connection, but given the many benefits of HTTPS
>> and the free availability of SSL certs via the Let's Encrypt project
>> (Dreamhost has a convenient option for Let's Encrypt in their control
>> panel) I'm hoping we can assume all web servers managed by developers
>> already have or will soon have HTTPS in place.
>> 
>> A tutorial for getting started with LiveCode Server is here:
>> https://livecode.com/resources/guides/server/
>> 
>> I wish I had a one-liner solution for you.  But in the hostile environment
>> of the Internet, writing network applications requires much more diligence
>> than we used to enjoy back in the day.
>> 
>> --
>> Richard Gaskin
>> Fourth World Systems
>> Software Design and Development for the Desktop, Mobile, and the Web
>> 
>> ambassa...@fourthworld.comhttp://www.FourthWorld.com
>> 
>> 
>> ___
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Mike Bonner via use-livecode
The specific lesson for lc server file uploads is here:
http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server

but as mentioned, setup https first!

On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
use-livecode@lists.runrev.com> wrote:

> Graham Samuel wrote:
>
> > However, I don’t seem to be able to mimic what my FTP software
> > (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> > a file on a server  - the file in question is part of a web site
> > hosted by DreamHost. I just want to use the URL functionality to do
> > this, as discussed in my conversation below, but I always get 405
> > (http) or 530 (ftp). I have a vague suspicion that I should be
> > transmitting my credentials to the server, which of course I did when
> > I set up my FTP client, but I have absolutely no idea how to do this.
> >
> > Many members of this list must have mucked around with files on a
> > server - can someone point me to a tutorial on all this?
>
> If there were, it would not be a short one.
>
> If you could delete a file via HTTP alone, then anyone with a browser
> could delete files on your server.
>
> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>
> You could consider FTPS or SFTP, which are not available in the Community
> Edition but are in others via tsNet - but not without risk:
>
> FTP and its secure variants are designed for ad hoc management of remote
> file stores. You can delete the file in question, but also any other, and
> can modify anything on the server in any way you like.
>
> This is useful in tools like Filezilla, where the password is only stored
> on your own computer.
>
> But if you hard-wire the password in a script, and that script is part of
> a publicly-distributed app, a memory dump can reveal the key to having
> complete control over everything on your server.
>
> The most common way for apps to perform write tasks on servers is through
> an HTTP API, which would require something on the server to process the
> requests. That something can be PHP, Python, LiveCode Server, or other
> languages that work well with CGI.
>
> You'd still want some way to authenticate the request, but since it's used
> only in a server script you write the scope of what can be done with it is
> much more limited.
>
> And of course that assumes your web server is using HTTPS so credentials
> can be sent over secured connection, but given the many benefits of HTTPS
> and the free availability of SSL certs via the Let's Encrypt project
> (Dreamhost has a convenient option for Let's Encrypt in their control
> panel) I'm hoping we can assume all web servers managed by developers
> already have or will soon have HTTPS in place.
>
> A tutorial for getting started with LiveCode Server is here:
> https://livecode.com/resources/guides/server/
>
> I wish I had a one-liner solution for you.  But in the hostile environment
> of the Internet, writing network applications requires much more diligence
> than we used to enjoy back in the day.
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web
>  
>  ambassa...@fourthworld.comhttp://www.FourthWorld.com
>
>
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Richard Gaskin via use-livecode

Graham Samuel wrote:

> However, I don’t seem to be able to mimic what my FTP software
> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> a file on a server  - the file in question is part of a web site
> hosted by DreamHost. I just want to use the URL functionality to do
> this, as discussed in my conversation below, but I always get 405
> (http) or 530 (ftp). I have a vague suspicion that I should be
> transmitting my credentials to the server, which of course I did when
> I set up my FTP client, but I have absolutely no idea how to do this.
>
> Many members of this list must have mucked around with files on a
> server - can someone point me to a tutorial on all this?

If there were, it would not be a short one.

If you could delete a file via HTTP alone, then anyone with a browser 
could delete files on your server.


FTP is unsafe to use on the Internet, as it sends passwords in clear text.

You could consider FTPS or SFTP, which are not available in the 
Community Edition but are in others via tsNet - but not without risk:


FTP and its secure variants are designed for ad hoc management of remote 
file stores. You can delete the file in question, but also any other, 
and can modify anything on the server in any way you like.


This is useful in tools like Filezilla, where the password is only 
stored on your own computer.


But if you hard-wire the password in a script, and that script is part 
of a publicly-distributed app, a memory dump can reveal the key to 
having complete control over everything on your server.


The most common way for apps to perform write tasks on servers is 
through an HTTP API, which would require something on the server to 
process the requests. That something can be PHP, Python, LiveCode 
Server, or other languages that work well with CGI.


You'd still want some way to authenticate the request, but since it's 
used only in a server script you write the scope of what can be done 
with it is much more limited.


And of course that assumes your web server is using HTTPS so credentials 
can be sent over secured connection, but given the many benefits of 
HTTPS and the free availability of SSL certs via the Let's Encrypt 
project (Dreamhost has a convenient option for Let's Encrypt in their 
control panel) I'm hoping we can assume all web servers managed by 
developers already have or will soon have HTTPS in place.


A tutorial for getting started with LiveCode Server is here:
https://livecode.com/resources/guides/server/

I wish I had a one-liner solution for you.  But in the hostile 
environment of the Internet, writing network applications requires much 
more diligence than we used to enjoy back in the day.


--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 
 ambassa...@fourthworld.comhttp://www.FourthWorld.com

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Graham Samuel via use-livecode
More wisdom from Charles, sincere thanks!

However, I don’t seem to be able to mimic what my FTP software (Transmit on the 
Mac, or FileZilla) can do, which is to easily delete a file on a server  - the 
file in question is part of a web site hosted by DreamHost. I just want to use 
the URL functionality to do this, as discussed in my conversation below, but I 
always get 405 (http) or 530 (ftp). I have a vague suspicion that I should be 
transmitting my credentials to the server, which of course I did when I set up 
my FTP client, but I have absolutely no idea how to do this.

Many members of this list must have mucked around with files on a server - can 
someone point me to a tutorial on all this?

TIA

Graham

> On 6 Mar 2018, at 08:59, Charles Warwick via use-livecode 
>  wrote:
> 
> Hi Graham,
> 
>> On 5 Mar 2018, at 11:04 pm, Graham Samuel via use-livecode 
>>  wrote:
>> 
>> Another dumb question, I’m afraid. The dictionary says I can do
>> 
>> put tdata into URL [some url]
>> 
>> well, I want to put a file on my server (in this example, it’s a text file) 
>> to replace one of the same name. If I just try to steamroller it by ignoring 
>> the existing file, I get a ‘405’ error (forbidden method, I think). If I use 
>> an FTP client like Transmit, I get a warning about overwriting the file and 
>> a manual override.
>> 
>> How can I grow my own, by detecting the existing file and then overwriting 
>> it anyway? Should I delete the existing file as a separate operation? How 
>> can I be sure I have enough permission to do so?
> 
> You can use ‘delete URL’ to delete an FTP file.  If the result is not empty, 
> then it failed to delete it.
> 
> You could always try the ‘put’ first, and if you get a 405 error, try the 
> ‘delete’.  If the delete is successful, you can ‘put’ again.  If the delete 
> is unsuccessful, advise the user.
> 
> Cheers,
> 
> Charles
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Overwriting a file on a server

2018-03-06 Thread Charles Warwick via use-livecode
Hi Graham,

> On 5 Mar 2018, at 11:04 pm, Graham Samuel via use-livecode 
>  wrote:
> 
> Another dumb question, I’m afraid. The dictionary says I can do
> 
>  put tdata into URL [some url]
> 
> well, I want to put a file on my server (in this example, it’s a text file) 
> to replace one of the same name. If I just try to steamroller it by ignoring 
> the existing file, I get a ‘405’ error (forbidden method, I think). If I use 
> an FTP client like Transmit, I get a warning about overwriting the file and a 
> manual override.
> 
> How can I grow my own, by detecting the existing file and then overwriting it 
> anyway? Should I delete the existing file as a separate operation? How can I 
> be sure I have enough permission to do so?

You can use ‘delete URL’ to delete an FTP file.  If the result is not empty, 
then it failed to delete it.

You could always try the ‘put’ first, and if you get a 405 error, try the 
‘delete’.  If the delete is successful, you can ‘put’ again.  If the delete is 
unsuccessful, advise the user.

Cheers,

Charles

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Overwriting a file on a server

2018-03-05 Thread Graham Samuel via use-livecode
Another dumb question, I’m afraid. The dictionary says I can do

  put tdata into URL [some url]

well, I want to put a file on my server (in this example, it’s a text file) to 
replace one of the same name. If I just try to steamroller it by ignoring the 
existing file, I get a ‘405’ error (forbidden method, I think). If I use an FTP 
client like Transmit, I get a warning about overwriting the file and a manual 
override.

How can I grow my own, by detecting the existing file and then overwriting it 
anyway? Should I delete the existing file as a separate operation? How can I be 
sure I have enough permission to do so?

I feel stupid asking all these questions - my only excuse is that LC has made 
it look sooo simple that I actually thought it was simple.

TIA for any advice

Graham
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode