In case anyone was holding their breath, I have just realised that the data I 
wanted to store on the server can be stored elsewhere (in the application data 
area, as a property of a stack). So I won’t be in such a hurry to learn this 
stuff, though I know its value and will do so eventually.


I wrote just now:

> OK, I’ll be looking at it: I was not planning to use LiveCode server for this 
> task, although as a matter of fact I do have a copy on the site in question 
> for other purposes.
> Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.
> Graham
>> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode 
>> <> wrote:
>> The specific lesson for lc server file uploads is here:
>> but as mentioned, setup https first!
>> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
>>> wrote:
>>> Graham Samuel wrote:
>>>> However, I don’t seem to be able to mimic what my FTP software
>>>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>>>> a file on a server  - the file in question is part of a web site
>>>> hosted by DreamHost. I just want to use the URL functionality to do
>>>> this, as discussed in my conversation below, but I always get 405
>>>> (http) or 530 (ftp). I have a vague suspicion that I should be
>>>> transmitting my credentials to the server, which of course I did when
>>>> I set up my FTP client, but I have absolutely no idea how to do this.
>>>> Many members of this list must have mucked around with files on a
>>>> server - can someone point me to a tutorial on all this?
>>> If there were, it would not be a short one.
>>> If you could delete a file via HTTP alone, then anyone with a browser
>>> could delete files on your server.
>>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>>> You could consider FTPS or SFTP, which are not available in the Community
>>> Edition but are in others via tsNet - but not without risk:
>>> FTP and its secure variants are designed for ad hoc management of remote
>>> file stores. You can delete the file in question, but also any other, and
>>> can modify anything on the server in any way you like.
>>> This is useful in tools like Filezilla, where the password is only stored
>>> on your own computer.
>>> But if you hard-wire the password in a script, and that script is part of
>>> a publicly-distributed app, a memory dump can reveal the key to having
>>> complete control over everything on your server.
>>> The most common way for apps to perform write tasks on servers is through
>>> an HTTP API, which would require something on the server to process the
>>> requests. That something can be PHP, Python, LiveCode Server, or other
>>> languages that work well with CGI.
>>> You'd still want some way to authenticate the request, but since it's used
>>> only in a server script you write the scope of what can be done with it is
>>> much more limited.
>>> And of course that assumes your web server is using HTTPS so credentials
>>> can be sent over secured connection, but given the many benefits of HTTPS
>>> and the free availability of SSL certs via the Let's Encrypt project
>>> (Dreamhost has a convenient option for Let's Encrypt in their control
>>> panel) I'm hoping we can assume all web servers managed by developers
>>> already have or will soon have HTTPS in place.
>>> A tutorial for getting started with LiveCode Server is here:
>>> I wish I had a one-liner solution for you.  But in the hostile environment
>>> of the Internet, writing network applications requires much more diligence
>>> than we used to enjoy back in the day.
>>> --
>>> Richard Gaskin
>>> Fourth World Systems
>>> Software Design and Development for the Desktop, Mobile, and the Web
>>> ____________________________________________________________________
>>> _______________________________________________
>>> use-livecode mailing list
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>> _______________________________________________

use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to