Can any experienced HTTPS/MySQL user help build webservice.

Creating desktop or client-server database solutions?

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 06, 2017 12:41 am

Hi,

I´m trying to build an "easiest to code" webservice in order to read/write to a mySQL DB.
I´ve got an HTTPS server
The provider already pointed to a client/server solution that works well ..although harder to adapt I believe.

Now I´m trying to run this next one: :idea:
http://lessons.livecode.com/s/lessons/m ... g-livecode

Which seems much easier to start, but doesnt run.
I guess this line has to be changed, and I tried entering my real server name www.***.com but without success.
The debugger itself returns the error:
button "Button": execution error at line 43 (Chunk: error in object expression) near "http://myrealserver.com:8081/livecode/samplexml1.php", char 8

(I tested https:// http://www... http:// ..without:8081/livecode/...) :?

How would I configure the stack so it does work ?
Tks for your time !! :wink:

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 366
Joined: Tue Apr 10, 2012 9:18 am

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by ghettocottage » Wed Dec 06, 2017 3:10 am

Where is your server hosted at? Do you have root? Can you run Livecode Server on it?

Can you elaborate a little more on this sentence:
The provider already pointed to a client/server solution that works well ..although harder to adapt I believe.

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 06, 2017 4:07 am

Yes, HostM, comes with LC server.
shared hosting I believe
method used: https://www.hostm.com/tutorials/livecod ... iadb-mysql

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 366
Joined: Tue Apr 10, 2012 9:18 am

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by ghettocottage » Wed Dec 06, 2017 5:53 am

I am a little confused about which method you are using? PHP or Livecode Server?

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 06, 2017 6:44 am

Well any method that is safe that is NOT accessing the MySQL DB direclty would do for DB queries/results, etc.
I don´t know if PHP or Livecode server offers the same safety...

I´m also still trying to figure out how this all thing works since I´m quite new to the LC system.

Any safe way to start with will be a plus 8)

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 366
Joined: Tue Apr 10, 2012 9:18 am

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by ghettocottage » Wed Dec 06, 2017 3:25 pm

How far did you get with the Livecode Server method?

Either way can be safe, as far as that goes, although I am not sure there is any real "safeness" on the internet nowadays, just different levels of difficulty.

Is the data sensitive? Who will be using the app?

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Wed Dec 06, 2017 3:34 pm

Following HostM sample Client/server access, I can run it w/o problem.
Create/update/retreive are the basic Ops of their script, all through HttpS, so its working fine.

Now, I wouldnt know how to modify it to do my own lilte business, like : retrieve ALL users data, and other type of jobs.

As for the APP, it woul be in hands of public users.
It probalby would have some sort of Group{s membership-
A bit of Personal data would be nec, but no credit card stuff, no money involved.
fone number, name, city, etc..

(that s the only method I have tried succesfully so far)

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 366
Joined: Tue Apr 10, 2012 9:18 am

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by ghettocottage » Wed Dec 06, 2017 6:37 pm

It sounds like you will have to work your way through it bit by bit. My suggestion is to use Livecode on both ends (server and client), which will make things a little easier.

Let us know as you have specific questions for each step. It can be difficult to answer broad questions like "it does not work for me"

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Mon Dec 11, 2017 9:09 pm

You also need to know first who will access that database.
Is it just one user or say one IP address then you could go for LC directly.
If you need different people to access the DB, then either you need to grant every IP from the different users to access the DB. Or grant everyone 'even the people you don't want'.
And if that's impossible then you need to use so called middleware for example PHP

So the PHP files are on your server, so the DB thinks it is local access, then with your LC app you communicate with th ePHP middleware. Probaly you could also use LC-server for it, i don't know, i never used it.

If you want to know how to use PHP for it then read this: http://forums.livecode.com/viewtopic.php?f=12&t=27521

anyway or another a script needs to have access to the DB

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Mon Dec 11, 2017 9:24 pm

Thanks Sphere,

Yes, I m planning for open to public clients access.

(I´ll figure out how to "filter" non-subscribed ppl or work with filtered member groups)
...something is obviously nec. here - if possible !

I m right now testing some script "Cotage has left ahead in the Post he mentioned..
and it seems to be working using the "server method" retreive way for instance.

I´ll give a good check at your post next coz I m interested in the PHP way too ! :wink:

ONE Question gets coming back to me :

Which method of those two is the Safest against online access hacking ???
...or I should say : Weaker than the other one !
Can PHP or the LC server script be "protected" so they do not compromise your Database access/content ?

Mostly when the middleware containts all your DB, name and PW DBUser name...
and can be downloaded with a single clic..is that ever "protectable" ?!!
:lol:
What is your knowledge/expertise about that ?

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by FourthWorld » Mon Dec 11, 2017 9:52 pm

teriibi wrote:
Mon Dec 11, 2017 9:24 pm
Which method of those two is the Safest against online access hacking ???
Neither. Security is not a technology choice. It's an ongoing process, hopefully one that influences decisions throughout the design, development, and deployment process.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Tue Dec 12, 2017 2:09 am

Tks, that s also True !

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by FourthWorld » Tue Dec 12, 2017 4:09 am

More specifically, this part was a good question:
Can PHP or the LC server script be "protected" so they do not compromise your Database access/content ?
Short answer: yes.

Medium answer: Nothing is ever completely secure; everything is hackable. But good practices can greatly mitigate risk.

Long answer: The average human lifespan is roughly 25,500 days. Invest one of them reading everything you can find on securing a server. There's plenty out there. Some of it's garbage, most of it's at least useful. If you spend a full day on this, by the end you'll have a good orientation to the types of vulnerabilities developers face in general, and a good starting point for identifying ways to mitigate risks for the type of app you want to build specifically. And by spending a full day on it, you'll have spent more time than many others (sad but true).

With that orientation, you can take a second day to research the details of what your app will need, and put together a checklist of things to consider as you flesh out the design, to harden the system, to automate recovery for when it gets hacked, to monitor so you'll know when you get hacked.

With that checklist, on the third day you can get back to coding, but now you can do so with more confidence, having become familiar with the principles and practices of the craft.

Sure, three days is a lot of time. But it's a fraction of the time required to clean up after a hack. And the investment will serve you well, starting you on a security awareness voyage that will carry your career through sometimes-treacherous waters with greater safety.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

sphere
Posts: 1145
Joined: Sat Sep 27, 2014 10:32 am
Location: Earth, Except when i Jump

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by sphere » Tue Dec 12, 2017 8:18 pm

Hi, indeed as Richard says.

i have no experience to it using lc-server as i said.
But in the PHP code i use PDO statements which binds a posted value to the place in DB where it should be stored.
Now these 'placeholders' are also in the lc code from where you send.
By binding a value it get's more difficult to get injected by hackers.

Also MySQLi uses this, so if you can then use mariaDB as it seems to be faster and 100% compatible with MySQL and is not from Oracle :mrgreen: but from the inventor of MySQL.

Using PDO you can use almost any type of DB by changing one line only. So i you don't like MariaDB you can switch to another.

The password and username are always in a (mostly separate) php file which is being called in a script, it also depends on your host how safe it is to get the data in it.

As i did it also on trial and error as i am no PHP programmer, i know the HowTo works. I use it on some projects.
And i you have data which may not be seen ever then en/de-crypt it in the application and send the encrypted data to the DB.

teriibi
Posts: 254
Joined: Mon Nov 13, 2017 3:49 pm
Location: Bolivia

Re: Can any experienced HTTPS/MySQL user help build webservice.

Post by teriibi » Thu Dec 14, 2017 2:55 pm

Thanks sphere I liked youir approach...
I ll dig into to this DPO feature.

I also goolged MySLQi - " i " -that I never heard of before but G only returns ref to MySQL.
... is it some more advanced MySQL version type ? :?:

Post Reply

Return to “Databases”