Graham Samuel wrote:

> However, I don’t seem to be able to mimic what my FTP software
> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> a file on a server  - the file in question is part of a web site
> hosted by DreamHost. I just want to use the URL functionality to do
> this, as discussed in my conversation below, but I always get 405
> (http) or 530 (ftp). I have a vague suspicion that I should be
> transmitting my credentials to the server, which of course I did when
> I set up my FTP client, but I have absolutely no idea how to do this.
> Many members of this list must have mucked around with files on a
> server - can someone point me to a tutorial on all this?

If there were, it would not be a short one.

If you could delete a file via HTTP alone, then anyone with a browser could delete files on your server.

FTP is unsafe to use on the Internet, as it sends passwords in clear text.

You could consider FTPS or SFTP, which are not available in the Community Edition but are in others via tsNet - but not without risk:

FTP and its secure variants are designed for ad hoc management of remote file stores. You can delete the file in question, but also any other, and can modify anything on the server in any way you like.

This is useful in tools like Filezilla, where the password is only stored on your own computer.

But if you hard-wire the password in a script, and that script is part of a publicly-distributed app, a memory dump can reveal the key to having complete control over everything on your server.

The most common way for apps to perform write tasks on servers is through an HTTP API, which would require something on the server to process the requests. That something can be PHP, Python, LiveCode Server, or other languages that work well with CGI.

You'd still want some way to authenticate the request, but since it's used only in a server script you write the scope of what can be done with it is much more limited.

And of course that assumes your web server is using HTTPS so credentials can be sent over secured connection, but given the many benefits of HTTPS and the free availability of SSL certs via the Let's Encrypt project (Dreamhost has a convenient option for Let's Encrypt in their control panel) I'm hoping we can assume all web servers managed by developers already have or will soon have HTTPS in place.

A tutorial for getting started with LiveCode Server is here:

I wish I had a one-liner solution for you. But in the hostile environment of the Internet, writing network applications requires much more diligence than we used to enjoy back in the day.

 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web

use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to