Re: Secure connection to server

[Neville Smythe via use-livecode]

I have now moved all my code from php to LiveCode server as the middle-ware.

Firstly it appears that the LiveCode post operation does reuse authentication 
credentials to an https connection as long as calls are made within a single 
script. In my case the first call typically takes slightly more than 1 second, 
subsequent calls in the same script take under half a second.

This is still not adequate to conduct a conversation with the remote database, 
as was possible when connecting directly, but at least in my case I can get 
away with just two calls from clients to server: first “tell me the current 
status of all this stuff”, second “please update the db using this stuff”. It 
means packing and unpacking “stuff” into large files at each end, but LC is so 
easy and efficient at text processing that was not difficult. Indeed as usual 
with refactoring, I found a number of code improvements.

The remaining really slow operation involves managing the mail distribution 
lists. DreamHost is still using Mailman 2.x, so that the only way to get the 
current list of subscribers is to scrape the admin web pages. There is a well 
known subscriberlist.py python script to do this but it is painfully slow. When 
used directly (insecurely) from the client, this took 10 seconds or so to 
gather 175 subscribers. Transferring this to the server side with lc 
authentication in-between, it now takes 14 to 15 seconds; I’m not sure why it 
is more that 2 seconds slower but it is what it is. I have rewritten this as an 
lc script, which shaves a couple of seconds off; to be fair the python script 
is doing rather more than my lc script as it is much more generic. And on the 
other hand I can understand what my script is doing, whereas the python script 
is rather opaque (to me).

So overall I am very happy with LC server. And I have a new toy to play with 
for the New Year.

Neville

> On 16 Dec 2020, at 11:32 am, Neville Smythe  
> wrote:
> 
> A little while ago in this forum we were alerted to the fact that LC direct 
> connection to a remote database not using SSL was a security hole. This also 
> applies to managing Mailman lists on a remote server.
> 
> After a steep (re-)learning curve with the various technologies, I now have a 
> working method in place for both mysql and Mailman connections, using php as 
> middleware and posting via curl in a shell script. But it is sooo slooow.
> 
> Direct connection downloaded an sql query in a fraction of a second. It now 
> takes over a second. This is acceptable (barely) for an isolated call,  but I 
> sometimes need to make a sequence of posts. As I understand it, the slowness 
> is due to the time required to establish the secure connection, not an LC 
> problem. For example establishing an ssh connection in Terminal is even 
> slower; but once established an ssh session is super fast. Similarly curl 
> will reuse authentication credentials within a shell session, so I aggregate 
> as many calls as I can with a single shell script before using 
> shell(myscript), and this definitely helps.
> 
> What I would like to do however is use LC server as the middleware: I could 
> then process the required data on the server side; I could not contemplate 
> using php to do this. I suspect the LC post command uses curl under the hood, 
> but I also suspect each post call would create its own session. I don’t think 
> it is possible to establish a single session to talk sequentially to 
> lcserver; if so this would be too slow. Am I correct? 
> 
> Actually I guess I could  just use my present method using curl and shell() 
> instead of post, but addressed to an .lc script instead of .php?
> 
> Or is there a whole better way to do what I want? 
> 
> Neville Smythe
> 
> 


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Secure connection to server

[doc hawk via use-livecode]

There was supposedly an effort to enable secure Postgres connection a few years 
ago, but it seems to have withered and died.

I had to give up on mysql for postgesql one the need to send compound queries.  
AFAIK, you still can’t do a block mysql transaction in mysql with livecode, 
making rollback impossible. (Well, I suppose you *could* do a big runaround 
with timestamps and faux “transaction” keys, but you’re still counting on the 
client end not failing).

If I got forward with the project, I’m going to be encrypting the data at the 
client end.  It limits the types of transactions possible, but that’s fine for 
what I do.  (But an actual secure Postgres connection would be far better . . . 
)


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Secure connection to server

[Bob Sneidar via use-livecode]

I think I remember why I couldn’t do it. I was using the loopback connector for 
some reason.

Bob S


On Dec 22, 2020, at 2:21 PM, Ralph DiMola via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

Tried it on Mac (Mojave) and it worked. Though I did have to use the IP address 
rather than the Mac's name in the client. I wonder what I'm doing wrong?

Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

RE: Secure connection to server

[Ralph DiMola via use-livecode]

Tried it on Mac (Mojave) and it worked. Though I did have to use the IP address 
rather than the Mac's name in the client. I wonder what I'm doing wrong?

Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net

-Original Message-
From: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] On Behalf Of 
Bob Sneidar via use-livecode
Sent: Tuesday, December 22, 2020 4:48 PM
To: How to use LiveCode
Cc: Bob Sneidar
Subject: Re: Secure connection to server

Hmmm… didn’t work on my Mac. Not sure why, it may be something I did.

Bob S


On Dec 22, 2020, at 1:48 PM, Ralph DiMola via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

I'm able to have the socket client and server on the same device. (Win 10)

Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net<mailto:rdim...@evergreeninfo.net>

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Secure connection to server

[Bob Sneidar via use-livecode]

Hmmm… didn’t work on my Mac. Not sure why, it may be something I did.

Bob S


On Dec 22, 2020, at 1:48 PM, Ralph DiMola via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

I'm able to have the socket client and server on the same device. (Win 10)

Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

RE: Secure connection to server

[Ralph DiMola via use-livecode]

I'm able to have the socket client and server on the same device. (Win 10)

Ralph DiMola
IT Director
Evergreen Information Services
rdim...@evergreeninfo.net


-Original Message-
From: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] On Behalf Of 
Bob Sneidar via use-livecode
Sent: Tuesday, December 22, 2020 4:34 PM
To: How to use LiveCode
Cc: Bob Sneidar
Subject: Re: Secure connection to server

I created a simple client and server stack combo that uses sockets to pass an 
encrypted stream of data back and forth. I have been meaning to implement it 
for the very reasons you suggest, but since the nature of the data doesn’t 
demand it, and since I develop basically gratis for the company I work for, it 
hasn’t been a priority. The concept is simple though. Start with a server stack 
that listens on a certain port, then create a client stack that opens a port to 
that server. (You can’t do it on a single workstation, the server has to be a 
different device.)

Once you have that, code the server to accept the data, then send it back to 
the client. Once that is working, encrypt / decrypt the data both ways and 
check that what you sent is what you receive.

Finally code the server to receive the data, do some process then return the 
resulting data. Simple, right? :-)

Bob S


On Dec 15, 2020, at 4:32 PM, Neville Smythe via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

A little while ago in this forum we were alerted to the fact that LC direct 
connection to a remote database not using SSL was a security hole. This also 
applies to managing Mailman lists on a remote server.

After a steep (re-)learning curve with the various technologies, I now have a 
working method in place for both mysql and Mailman connections, using php as 
middleware and posting via curl in a shell script. But it is sooo slooow.

Direct connection downloaded an sql query in a fraction of a second. It now 
takes over a second. This is acceptable (barely) for an isolated call,  but I 
sometimes need to make a sequence of posts. As I understand it, the slowness is 
due to the time required to establish the secure connection, not an LC problem. 
For example establishing an ssh connection in Terminal is even slower; but once 
established an ssh session is super fast. Similarly curl will reuse 
authentication credentials within a shell session, so I aggregate as many calls 
as I can with a single shell script before using shell(myscript), and this 
definitely helps.

What I would like to do however is use LC server as the middleware: I could 
then process the required data on the server side; I could not contemplate 
using php to do this. I suspect the LC post command uses curl under the hood, 
but I also suspect each post call would create its own session. I don’t think 
it is possible to establish a single session to talk sequentially to lcserver; 
if so this would be too slow. Am I correct?

Actually I guess I could  just use my present method using curl and shell() 
instead of post, but addressed to an .lc script instead of .php?

Or is there a whole better way to do what I want?

Neville Smythe

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Re: Secure connection to server

[Bob Sneidar via use-livecode]

I created a simple client and server stack combo that uses sockets to pass an 
encrypted stream of data back and forth. I have been meaning to implement it 
for the very reasons you suggest, but since the nature of the data doesn’t 
demand it, and since I develop basically gratis for the company I work for, it 
hasn’t been a priority. The concept is simple though. Start with a server stack 
that listens on a certain port, then create a client stack that opens a port to 
that server. (You can’t do it on a single workstation, the server has to be a 
different device.)

Once you have that, code the server to accept the data, then send it back to 
the client. Once that is working, encrypt / decrypt the data both ways and 
check that what you sent is what you receive.

Finally code the server to receive the data, do some process then return the 
resulting data. Simple, right? :-)

Bob S


On Dec 15, 2020, at 4:32 PM, Neville Smythe via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

A little while ago in this forum we were alerted to the fact that LC direct 
connection to a remote database not using SSL was a security hole. This also 
applies to managing Mailman lists on a remote server.

After a steep (re-)learning curve with the various technologies, I now have a 
working method in place for both mysql and Mailman connections, using php as 
middleware and posting via curl in a shell script. But it is sooo slooow.

Direct connection downloaded an sql query in a fraction of a second. It now 
takes over a second. This is acceptable (barely) for an isolated call,  but I 
sometimes need to make a sequence of posts. As I understand it, the slowness is 
due to the time required to establish the secure connection, not an LC problem. 
For example establishing an ssh connection in Terminal is even slower; but once 
established an ssh session is super fast. Similarly curl will reuse 
authentication credentials within a shell session, so I aggregate as many calls 
as I can with a single shell script before using shell(myscript), and this 
definitely helps.

What I would like to do however is use LC server as the middleware: I could 
then process the required data on the server side; I could not contemplate 
using php to do this. I suspect the LC post command uses curl under the hood, 
but I also suspect each post call would create its own session. I don’t think 
it is possible to establish a single session to talk sequentially to lcserver; 
if so this would be too slow. Am I correct?

Actually I guess I could  just use my present method using curl and shell() 
instead of post, but addressed to an .lc script instead of .php?

Or is there a whole better way to do what I want?

Neville Smythe

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode