Search found 15 matches

by igorBUSvRhc
Sun May 27, 2012 2:41 am
Forum: Databases
Topic: How To Protect Against SQL Injection Attack?
Replies: 17
Views: 7949

Re: How To Protect Against SQL Injection Attack?

I guess we need to test this some time. I neer use LiveCode's built-in SQL commands, but when I have some time I'll try putting SQL syntax into the variables. I am currently doing the 'Business Academy' offered by RunRev, and the latest daily lesson is about performing SQL queries. During the lesso...
by igorBUSvRhc
Mon May 21, 2012 7:18 am
Forum: Getting Started with LiveCode - Complete Beginners
Topic: Option Menu - Labels & Values
Replies: 3
Views: 854

Option Menu - Labels & Values

Hi all! Often when we show an option menu, the value that the user 'picks' from the menu is not actually the value we want stored. For instance, I have an option menu that shows the names of the countries of the world for the user to pick. However, I do not want to store the full name of the countri...
by igorBUSvRhc
Mon May 14, 2012 10:44 am
Forum: Databases
Topic: How To Protect Against SQL Injection Attack?
Replies: 17
Views: 7949

Re: How To Protect Against SQL Injection Attack?

@bangkok, thank you for the suggestions: I believe the best system is a multiple system : -the desktop app would send only "parameters" -a mixing of "hard coded" queries on the server (UPDATE mytable set XX=parameter1 WHERE BB=parameter2, therefore if the hacker sends a subquery nested in the parame...
by igorBUSvRhc
Mon May 14, 2012 10:23 am
Forum: Software Development Cycles
Topic: Version Control
Replies: 24
Views: 21884

Re: Version Control

Thank you very much for this hint - this is the kind of thing that is useful for us, newbies: If you set the destroystack property of the stack to true it won't stay in memory when you close it. Then you won't have to remember to do anything special. There's a preference that automatically creates a...
by igorBUSvRhc
Mon May 14, 2012 10:15 am
Forum: Mac OS
Topic: OS X Mountain Lion
Replies: 14
Views: 5754

Re: OS X Mountain Lion

I think I just found the answer to my own question re: sandboxing, here:

http://forums.runrev.com/viewtopic.php? ... 024#p51406
by igorBUSvRhc
Mon May 14, 2012 10:12 am
Forum: Mac OS
Topic: OS X Mountain Lion
Replies: 14
Views: 5754

Re: OS X Mountain Lion

Many thanks for the report.

One question I have is in regards to "Gatekeeper", and code-signing. Are LiveCode desktop apps able to be code-signed - ie., gatekeeper-ready?
by igorBUSvRhc
Mon May 14, 2012 10:09 am
Forum: Databases
Topic: LiveCode security
Replies: 19
Views: 5762

Re: LiveCode security

Hi, Edoardo, Security is a very complex area, where there is never a 'one solution fits all' answer. You have to know what you are doing, otherwise you can easily expose and compromise your (or your client's) data. I've had a situation, for instance, where a client's disgruntled ex-employee maliciou...
by igorBUSvRhc
Wed May 09, 2012 4:08 am
Forum: Software Development Cycles
Topic: Need to Open Protected Hypercard Stack
Replies: 6
Views: 5804

Re: Need to Open Protected Hypercard Stack

"Unprotect XCMD" seems to be here (apologies, but apparently my account does not allow me to post URLs...):

http(colon, slash, slash)macgui.com(slash)downloads(slash)?file_id=19167
by igorBUSvRhc
Wed May 09, 2012 3:49 am
Forum: Software Development Cycles
Topic: Version Control
Replies: 24
Views: 21884

Re: Version Control

I am currently 'playing' with a trial version of LiveCode 5.5. Like you, I am also used to version control systems, in particular Git. It is quite possible to use version control to do 'project-wide' operations, like: branching, merging, and reverting to previous commits. Although the '.livecode' fi...
by igorBUSvRhc
Wed May 09, 2012 2:06 am
Forum: Databases
Topic: How To Protect Against SQL Injection Attack?
Replies: 17
Views: 7949

Re: How To Protect Against SQL Injection Attack?

Mark, thank you very much for the - very quick - response: The safest way is to hardcode your queries. Rather than sending complete queries from the desktop app to the server, only send a code and some data to the server. The code refers to a particular query and the data completes the query before ...
by igorBUSvRhc
Wed May 09, 2012 1:23 am
Forum: Databases
Topic: How To Protect Against SQL Injection Attack?
Replies: 17
Views: 7949

Re: How To Protect Against SQL Injection Attack?

@Mark, thank you for the input: If you're using commands like revExecuteSQL, it means that your web host allows for external access to the MySQL database server. I am actually developing a desktop app that is going to access data stored in a MySQL database running in the On-Rev servers. So I'll be u...
by igorBUSvRhc
Tue May 08, 2012 6:55 am
Forum: Databases
Topic: How To Protect Against SQL Injection Attack?
Replies: 17
Views: 7949

How To Protect Against SQL Injection Attack?

Hi all, I am writing an app that will process user data in and out of a database. The user data may be tainted or malicious. As far as I can tell, the LiveCode database commands like 'revQueryDatabase' and 'revExecuteSQL' do not automatically sanitise data that is passed to them via placeholder vari...
by igorBUSvRhc
Tue May 08, 2012 1:54 am
Forum: CGIs and the Server
Topic: Can the HTTP Response Code Be Changed?
Replies: 1
Views: 1344

Re: Can the HTTP Response Code Be Changed?

Worked it out on my own - posting what I found here, for future reference by others, and in case someone else may have a different solution. In order to set the HTTP response's status code, before sending any output to the client, set a 'status' header, like this: put header "Status: 405 Method Not ...
by igorBUSvRhc
Sun May 06, 2012 1:14 pm
Forum: Getting Started with LiveCode - Experienced Developers
Topic: RSA Public/Private Key Encryption
Replies: 4
Views: 8658

Re: RSA Public/Private Key Encryption

Apologies for the long post, but I hope that it will answer you question. ----------------------------------------------------- ENCRYPTING DATA WITH AES ----------------------------------------------------- There are many ways to encrypt data, using mathematical methods called 'ciphers'. As clever a...
by igorBUSvRhc
Sun May 06, 2012 11:25 am
Forum: CGIs and the Server
Topic: Can the HTTP Response Code Be Changed?
Replies: 1
Views: 1344

Can the HTTP Response Code Be Changed?

Hi all, I am trying to setup a RESTful server in On-Rev. If the client is trying to perform an operation at a certain URL, and that operation is not allowed - ie., the client is trying to 'POST' information to a URL that only accepts 'GET' requests - then my response should contain a "405" status co...

Go to advanced search