LC server install on a shared host without root

Are you using LiveCode to create server scripts or CGIs?

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: LC server install on a shared host without root

Post by liveme » Thu Feb 18, 2021 5:35 am

So for scenarios where shared hosting is a good fit it's reasonably safe.
Okay, then it can depend on the hosting rules too. Thanks, I'll check how much safe I can make it.

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: LC server install on a shared host without root

Post by FourthWorld » Thu Feb 18, 2021 7:13 am

liveme wrote:
Thu Feb 18, 2021 5:35 am
So for scenarios where shared hosting is a good fit it's reasonably safe.
Okay, then it can depend on the hosting rules too. Thanks, I'll check how much safe I can make it.
Do you have a hardening checklist you use?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: LC server install on a shared host without root

Post by liveme » Thu Feb 18, 2021 8:46 am

by hardening do you mean, security good practice, if so, no I dont yet...I'm still at the very begining of making my first crud scripts working.
...,then I would go into using regex, anti sql-injections setups; etc..

I've just succeded today in writing to the DB from within an LC stack using $Post !
after severals days bumping into the dark :lol: !
Sync from the DB to the Stack are in my todo for tomorrow !
Then I should be ready to start building the whole desktop/Mobile project arround.

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: LC server install on a shared host without root

Post by FourthWorld » Fri Feb 19, 2021 9:38 pm

liveme wrote:
Thu Feb 18, 2021 8:46 am
by hardening do you mean, security good practice, if so, no I dont yet...I'm still at the very begining of making my first crud scripts working.
...,then I would go into using regex, anti sql-injections setups; etc..
That seems like a good plan.
I've just succeded today in writing to the DB from within an LC stack using $Post !
after severals days bumping into the dark :lol: !
Sync from the DB to the Stack are in my todo for tomorrow !
Then I should be ready to start building the whole desktop/Mobile project arround.
Well done.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: LC server install on a shared host without root

Post by liveme » Fri Feb 19, 2021 10:16 pm

if you have any links about good practice, always welcomed !

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: LC server install on a shared host without root

Post by FourthWorld » Fri Feb 19, 2021 10:25 pm

liveme wrote:
Fri Feb 19, 2021 10:16 pm
if you have any links about good practice, always welcomed !
When I was getting started with server management I made a habit of searching for things like "server security checklist" and such. Since you're using a shared host most of the nitty gritty is taken care of for you, but the things you've identified like mitigating injections and other MySQL practices make a good focus.

Also, brush up on Linux permissions if they're not already second nature to you. They affect so much, they're not that hard to learn, and they provide so much confidence with how you manage things once you get your head wrapped around them.

Every now and then I go back and run the same types of searches, and read through the various checklists I find to see what I've missed. When you start getting bored because you rarely find new suggestions you're not already doing that's the best sign, objective validation that you've already learned a lot.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: LC server install on a shared host without root

Post by FourthWorld » Fri Feb 19, 2021 10:28 pm

Oh, here's one most checklists miss:

Remember that the computer you use to access your server is a gateway to controlling that server. Many people focus only on the server itself, and forget about its entry points. A laptop that has SSH key and passwords on it that gets stolen means the thief now also has the means to control your server and its resources.

So add personal computing safety to your ongoing reading. The safer your computer is, the safer everything it touches will be.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: LC server install on a shared host without root

Post by FourthWorld » Fri Feb 19, 2021 10:30 pm

And a bonus: if you come across anything by Kyle Rankin, read it.

His latest book is especially good. It covers a lot of ground that won't affect you as a shared hosting user, but a lot of it will. And later on when you move to a VPS you'll be able to go back to this book to learn more.

https://www.pearson.com/us/higher-educa ... 37619.html
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: LC server install on a shared host without root

Post by liveme » Fri Feb 19, 2021 11:22 pm

Thanks, so true...I think after applying each ot the collected requested receipes about Security...
... one could finally publish its own "updated" G.P. book then !
:lol: :lol:

Post Reply

Return to “CGIs and the Server”