The specific lesson for lc server file uploads is here:

but as mentioned, setup https first!

On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <> wrote:

> Graham Samuel wrote:
> > However, I don’t seem to be able to mimic what my FTP software
> > (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> > a file on a server  - the file in question is part of a web site
> > hosted by DreamHost. I just want to use the URL functionality to do
> > this, as discussed in my conversation below, but I always get 405
> > (http) or 530 (ftp). I have a vague suspicion that I should be
> > transmitting my credentials to the server, which of course I did when
> > I set up my FTP client, but I have absolutely no idea how to do this.
> >
> > Many members of this list must have mucked around with files on a
> > server - can someone point me to a tutorial on all this?
> If there were, it would not be a short one.
> If you could delete a file via HTTP alone, then anyone with a browser
> could delete files on your server.
> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
> You could consider FTPS or SFTP, which are not available in the Community
> Edition but are in others via tsNet - but not without risk:
> FTP and its secure variants are designed for ad hoc management of remote
> file stores. You can delete the file in question, but also any other, and
> can modify anything on the server in any way you like.
> This is useful in tools like Filezilla, where the password is only stored
> on your own computer.
> But if you hard-wire the password in a script, and that script is part of
> a publicly-distributed app, a memory dump can reveal the key to having
> complete control over everything on your server.
> The most common way for apps to perform write tasks on servers is through
> an HTTP API, which would require something on the server to process the
> requests. That something can be PHP, Python, LiveCode Server, or other
> languages that work well with CGI.
> You'd still want some way to authenticate the request, but since it's used
> only in a server script you write the scope of what can be done with it is
> much more limited.
> And of course that assumes your web server is using HTTPS so credentials
> can be sent over secured connection, but given the many benefits of HTTPS
> and the free availability of SSL certs via the Let's Encrypt project
> (Dreamhost has a convenient option for Let's Encrypt in their control
> panel) I'm hoping we can assume all web servers managed by developers
> already have or will soon have HTTPS in place.
> A tutorial for getting started with LiveCode Server is here:
> I wish I had a one-liner solution for you.  But in the hostile environment
> of the Internet, writing network applications requires much more diligence
> than we used to enjoy back in the day.
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web
>  ____________________________________________________________________
> _______________________________________________
> use-livecode mailing list
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to