LiveCode Forums.

Hello!
A question from my submarine .. a stupid question of course ...
If you buy the Indy version of LC, the server scripts are also "protected"?
Thank you all!

Mariasole
( ^..^)ﾉ

Unless someone has shell or FTP access to your server, all server-side scripts are protected. You would only need to use the Indy or Business edition of LiveCode Server if you want to distribute protected stack files for others to use on their servers with their own Indy or Business edition of LiveCode.

FourthWorld wrote:Unless someone has shell or FTP access to your server, all server-side scripts are protected. You would only need to use the Indy or Business edition of LiveCode Server if you want to distribute protected stack files for others to use on their servers with their own Indy or Business edition of LiveCode.

Thanks Richard!
tell me if I understand correctly.
I have a html file (I use this extension instead of LC via htaccess) on server like this:

And then a file hello.lc

The "hello.lc" file with LC Server Community can be opened by anyone (eg my provider ), but if I save with LC Indy would be unreadable (ie encrypted). I'm on the right track? Or rather, in the right submarine canyon?

Grazie carissimo Richard!
Mariasole
( ^..^)ﾉ

Run that script from your browser, then in the browser select "Show Page Source". When LC Server is running correctly, any LiveCode scripts between <?lc and ?> should be replaced with the output of the script evaluation, so only the output is present in the page sent to the client, and not the code from which it was derived.

BTW: Nice to see you're continuing your Server explorations.

Thank you always help me in this my exploration , but as you see I'm still on the high seas !

It 's true, from the browser's point of view, you're absolutely right.

But if a data thief stole me the ftp account and download the "hello.lc" file that contains my super secret script, the thief could read and copy the content of the file?

If I use LCS Community the thief download the file and open it, and I know that.

If I use LCS Indy (or Business) the thief download the file and can not open it because it is protected?

It's right?


Grazie davvero Richard!

Mariasole
( ^..^)ﾉ

1. Use strong password (greater than 12 chars)

2. Never use FTP - it sends passwords in plain text so anyone sniffing the line can get access to the site. Use SFTP on shared hosts, and if it's a VPS I can send some links to how to secure it with shared keys so no password will ever be accepted at all.

3. Once someone has access to your site stolen code is the least of your worries. Assume they've planted malicious code throughout, clear everything, reset the password, and restore from a known good backup. I hate to be the bearer of bad news, but I prefer you sleep comfortably and I know you want to provide good services to your site visitors, rather than have your site hikacked and take your visitors to malicious sites. It's happened to two friends of mine, and I hope that doesn't happen to you.

As for protecting code, as long as the server is secure there's usually not much of an issue there. PHP is the world's most popular choice for server-side work, and it offers no means of protecting code at all.

But if you want to go the extra mile you can put code in stacks and protect those by setting the stack's password property. In your .lc file you'd "start using <stackname>". and then put calls to routines defined in your library stack.

Richard is, as usual, correct. I just wanted to give the short answer:

Anyone with access to the server will be able to read the scripts in hello.lc. If you want to password protect that file (encrypt it) then you need to use the commercial Indy server to open it.

This is the case with my Zygodact product too, which is locked and protected. My customers must run the commercial server if they want to distribute serial keys from a CGI.

jacque wrote: Anyone with access to the server will be able to read the scripts in hello.lc. If you want to password protect that file (encrypt it) then you need to use the commercial Indy server to open it.

Thanks Richard and thanks Jacque!

So, summarizing:

Live Code Community Server ---> hello.lc file is open to anyone with the credentials to access the server can open it and read its contents

Live Code INDY (or Business) Server ----> hello.lc file can be encrypted and password protected, so that only those who have the password can open it.

I can give as a fact?

Thank you all for your patience!

Mariasole
( ^..^)ﾉ

Mariasole wrote:

jacque wrote: Anyone with access to the server will be able to read the scripts in hello.lc. If you want to password protect that file (encrypt it) then you need to use the commercial Indy server to open it.

Thanks Richard and thanks Jacque!

So, summarizing:

Live Code Community Server ---> hello.lc file is open to anyone with the credentials to access the server can open it and read its contents

Live Code INDY (or Business) Server ----> hello.lc file can be encrypted and password protected, so that only those who have the password can open it.

I can give as a fact?

Almost. Since .lc files are plain text, there's nothing LiveCode can do to protect those. But you can keep code in stack files that can be called from .lc files, and with any of the proprietary-licensed versions of LC those stack files can have their scripts encrypted using the stack's password property.

I should have been more clear about the file type in my first answer. Only stacks can be password protected, as Richard says. My Zygodact product uses stacks, not text file scripts.

Many thanks to all!
Now I get it. I return to the submarine and study some more!

Mariasole
( ^..^)ﾉ

Mariasole wrote:Many thanks to all!
Now I get it. I return to the submarine and study some more!

Bon voyage! Be sure to surface here now and then to let us now how the ocean's treating you.
https://www.youtube.com/watch?v=qAnGe40-o9Q