LiveCode Forums

I guess we need to test this some time. I neer use LiveCode's built-in SQL commands, but when I have some time I'll try putting SQL syntax into the variables. I am currently doing the 'Business Academy' offered by RunRev, and the latest daily lesson is about performing SQL queries. During the lesso...

Hi all! Often when we show an option menu, the value that the user 'picks' from the menu is not actually the value we want stored. For instance, I have an option menu that shows the names of the countries of the world for the user to pick. However, I do not want to store the full name of the countri...

@bangkok, thank you for the suggestions: I believe the best system is a multiple system : -the desktop app would send only "parameters" -a mixing of "hard coded" queries on the server (UPDATE mytable set XX=parameter1 WHERE BB=parameter2, therefore if the hacker sends a subquery nested in the parame...

Thank you very much for this hint - this is the kind of thing that is useful for us, newbies: If you set the destroystack property of the stack to true it won't stay in memory when you close it. Then you won't have to remember to do anything special. There's a preference that automatically creates a...

I think I just found the answer to my own question re: sandboxing, here:

http://forums.runrev.com/viewtopic.php? ... 024#p51406

Many thanks for the report.

One question I have is in regards to "Gatekeeper", and code-signing. Are LiveCode desktop apps able to be code-signed - ie., gatekeeper-ready?

Hi, Edoardo, Security is a very complex area, where there is never a 'one solution fits all' answer. You have to know what you are doing, otherwise you can easily expose and compromise your (or your client's) data. I've had a situation, for instance, where a client's disgruntled ex-employee maliciou...

"Unprotect XCMD" seems to be here (apologies, but apparently my account does not allow me to post URLs...):

http(colon, slash, slash)macgui.com(slash)downloads(slash)?file_id=19167

I am currently 'playing' with a trial version of LiveCode 5.5. Like you, I am also used to version control systems, in particular Git. It is quite possible to use version control to do 'project-wide' operations, like: branching, merging, and reverting to previous commits. Although the '.livecode' fi...

Mark, thank you very much for the - very quick - response: The safest way is to hardcode your queries. Rather than sending complete queries from the desktop app to the server, only send a code and some data to the server. The code refers to a particular query and the data completes the query before ...

@Mark, thank you for the input: If you're using commands like revExecuteSQL, it means that your web host allows for external access to the MySQL database server. I am actually developing a desktop app that is going to access data stored in a MySQL database running in the On-Rev servers. So I'll be u...

Hi all, I am writing an app that will process user data in and out of a database. The user data may be tainted or malicious. As far as I can tell, the LiveCode database commands like 'revQueryDatabase' and 'revExecuteSQL' do not automatically sanitise data that is passed to them via placeholder vari...

Worked it out on my own - posting what I found here, for future reference by others, and in case someone else may have a different solution. In order to set the HTTP response's status code, before sending any output to the client, set a 'status' header, like this: put header "Status: 405 Method Not ...

Apologies for the long post, but I hope that it will answer you question. ----------------------------------------------------- ENCRYPTING DATA WITH AES ----------------------------------------------------- There are many ways to encrypt data, using mathematical methods called 'ciphers'. As clever a...

Hi all, I am trying to setup a RESTful server in On-Rev. If the client is trying to perform an operation at a certain URL, and that operation is not allowed - ie., the client is trying to 'POST' information to a URL that only accepts 'GET' requests - then my response should contain a "405" status co...