Shared Hosting (Solved)

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Wed May 06, 2020 9:57 am

FourthWorld wrote:
Wed May 06, 2020 9:14 am
If users don't sign in, how do you distinguish between an authorized submission and an unauthorized one?

Kyle is worth reading it you get a chance. He publishes articles and books often so you'll come across him sooner or later. I got started with server admin from one of his earlier books. Hs most recent, "Linux Hardening in Hostile Networks", provides a good overview not just for devs, but anyone responsible for managing systems with other people's data, or really anything connected to the Internet.

Spoiler: the "hostile networks" part is his book title is an intentional redundancy. As he describes, in the 21st century all networks are best regarded as hostile, with safeguards chosen from that mindset.

Keep in mind that unless you have uncommonly high-value data, the bad guys aren't after your data at all, but they will still try to break in. They'll take any data that may be useful as they come across it, but these days that's not often their goal. What they want is compute resources, control of the server itself, so they can spam, DDoS, mine coins, etc.

In the modern world, even a server that doesn't seem very interesting to us can be very interesting to the bad guys.

So we learn what we can to stay a step ahead of them. And since most of them use fairly predictable scripts, a little study goes a long way in keeping your severs safe.
Hi fourthworld,

It’s just for the users to view data therefore I didn’t add in a login option.
Eddie :D

Thierry
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 875
Joined: Wed Nov 22, 2006 3:42 pm

Re: Shared Hosting

Post by Thierry » Wed May 06, 2020 1:13 pm

Thierry wrote:
Mon May 04, 2020 12:07 pm

For how helpful it could be here is my experience a couple of years ago:
I have a shared hosting at a low price.
Via ssh and terminal I upload the zip LC server on my host, unzip and add 3 or 4 lines in .htaccess file,
and it just works. I did some successful tests at this time, and didn't see any major problems.

If you want those .htaccess extra-lines, I can send them to you...
Hi all,

Thanks to Alex to remind me about this :)

So here is what I did add to my main .htaccess:
# 3 next lines for livecode server:
Options +ExecCGI
AddHandler livecode-script .lc
Action livecode-script /cgi-bin/livecode-community-server
Another information is I don't have root access on this server!

Last, don't ask me more than that as I don't use LC server in my work.

HTH,

Thierry
!
SUNNY-TDZ.COM doesn't belong to me since 2021.
To contact me, use the Private messages. Merci.
!

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Thu May 07, 2020 12:26 pm

EddieLee wrote:
Wed May 06, 2020 6:37 am
Hi,

I tried using base64encode/decode to encrypt the data sent to the server from and app and vice versa. Any reason why im getting an error output?

App side

Code: Select all

on mouseup
---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put "query="&urlencode(tSQLQuery) into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery1
   post tSQLQuery1 to url "https://myurl/mysecretpage.lc"

---- after receiving---------   
   put it into tResult        
   put base64decode(tResult) into tResults
   answer tResults
end mouseup
Server side

Code: Select all

---- Decode data received from app ------
put base64decode($_POST["query"]) into tSQLQuery1   
put revOpenDatabase("mysql","127.0.0.1","mydb","mydbusername","mydbpassword") into tDBID
put revDataFromQuery(,,tDBID,tSQLQuery1) into tResults  
revclosedatabase tDBID 

----- Encode data before sending back to the app ------
put base64encode(tResults) into tResult
put tResult
The error/output that im getting is "revdberr,Query was empty"

Thank you!
Anybody knows the answer to this?
Eddie :D

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Thu May 07, 2020 12:29 pm

EddieLee wrote:
Mon May 04, 2020 4:14 pm
bangkok wrote:
Mon May 04, 2020 2:00 pm
EddieLee wrote:
Mon May 04, 2020 1:16 pm
Thanks for the codes but however does this establish a connection with the database securely so that I can perform my SELECT, INSERT and UPDATE queries? Because the main reason for this thread is for me to find a way to communicate with the database in a secure way for the benefits of security.
No offense, but before absolute security, you have to understand the basic underlying processes (and here the interactions between a desktop or Android app and a remote database hosted somewhere on the Internet).

That's the point of my very simple example.

The library designed by HostM is perfect from a security point of view, but I guess it would be a little bit hard for you to use it first.
EddieLee wrote:
Mon May 04, 2020 1:16 pm
And also for the code on the app, before you use the SELECT query shouldn’t it be to establish a connection to the database first to collect the data?
The webpage collects the data from the POST, and then opens the connexion to the database.

It's more logical, because it allows you first to decrypt the data, and to be sure that those data are valid and legitimate (coming from your App, instead of a third party trying to hack your system).

So you can do several tests on the data received by the POST, and when everything is okay, you open the connexion to the database and perform the query.
Hi Bangkok,

Thanks, I misread the codes which caused me to asked a stupid question, I understand what you said now and thanks for the explanation. I will give your way a run tomorrow and compare it with hostm tutorial method to see which is suitable for me. So from my understanding, for every query that I need to perform, I need to send it to mysecretfile.lc and this is where the command would be executed? I tried the server code and this error shows up
revdberr,Query was empty
Is it normal to be this way? On my app side, i received the information i need from the database!
Thanks for your help!
Still receiving the same error but I got the results back on my app, any reason why?
Eddie :D

bangkok
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 937
Joined: Fri Aug 15, 2008 7:15 am

Re: Shared Hosting

Post by bangkok » Thu May 07, 2020 1:23 pm

EddieLee wrote:
Wed May 06, 2020 6:37 am
Hi,

I tried using base64encode/decode to encrypt the data sent to the server from and app and vice versa. Any reason why im getting an error output?

App side

Code: Select all

on mouseup
---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put "query="&urlencode(tSQLQuery) into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery1
   post tSQLQuery1 to url "https://myurl/mysecretpage.lc"

---- after receiving---------   
   put it into tResult        
   put base64decode(tResult) into tResults
   answer tResults
end mouseup
You base64encode the whole string, it means even with the keyword "query" (that the LC Server page will use to "receive" the data and store it into the variable)
Not good.

Therefore :

Code: Select all

---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery
   put "query="&tSQLQuery into tSQLQuery
   post tSQLQuery to url "https://myurl/mysecretpage.lc"

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Thu May 07, 2020 1:32 pm

bangkok wrote:
Thu May 07, 2020 1:23 pm
EddieLee wrote:
Wed May 06, 2020 6:37 am
Hi,

I tried using base64encode/decode to encrypt the data sent to the server from and app and vice versa. Any reason why im getting an error output?

App side

Code: Select all

on mouseup
---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put "query="&urlencode(tSQLQuery) into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery1
   post tSQLQuery1 to url "https://myurl/mysecretpage.lc"

---- after receiving---------   
   put it into tResult        
   put base64decode(tResult) into tResults
   answer tResults
end mouseup
You base64encode the whole string, it means even with the keyword "query" (that the LC Server page will use to "receive" the data and store it into the variable)
Not good.

Therefore :

Code: Select all

---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery
   put "query="&tSQLQuery into tSQLQuery
   post tSQLQuery to url "https://myurl/mysecretpage.lc"
Hi Bangkok,

Thanks for your help, I will try it tomorrow when I’m doing livecode. Do you have any idea how do I return the result from mysecretpage.lc to my app? Because on the server page I just left it as put result
Eddie :D

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Fri May 08, 2020 3:30 am

EddieLee wrote:
Thu May 07, 2020 1:32 pm
bangkok wrote:
Thu May 07, 2020 1:23 pm
EddieLee wrote:
Wed May 06, 2020 6:37 am
Hi,

I tried using base64encode/decode to encrypt the data sent to the server from and app and vice versa. Any reason why im getting an error output?

App side

Code: Select all

on mouseup
---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put "query="&urlencode(tSQLQuery) into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery1
   post tSQLQuery1 to url "https://myurl/mysecretpage.lc"

---- after receiving---------   
   put it into tResult        
   put base64decode(tResult) into tResults
   answer tResults
end mouseup
You base64encode the whole string, it means even with the keyword "query" (that the LC Server page will use to "receive" the data and store it into the variable)
Not good.

Therefore :

Code: Select all

---- sending --------
   set httpheaders to empty
   put "select * from dishes" into tSQLQuery
   put base64encode(tSQLQuery) into tSQLQuery
   put "query="&tSQLQuery into tSQLQuery
   post tSQLQuery to url "https://myurl/mysecretpage.lc"
Hi Bangkok,

Thanks for your help, I will try it tomorrow when I’m doing livecode. Do you have any idea how do I return the result from mysecretpage.lc to my app? Because on the server page I just left it as put result
Seems like the error's solved, however, im unable to receive the result back even after base64decode. I wonder whats the issue, seems like posting to the webserver has no issue with hbase64encode/decode, only returning. Any idea?
Eddie :D

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Shared Hosting

Post by FourthWorld » Fri May 08, 2020 6:10 am

What is the total size of the data being queried?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Fri May 08, 2020 6:21 am

FourthWorld wrote:
Fri May 08, 2020 6:10 am
What is the total size of the data being queried?
Hi FourthWorld,

How do i check the total size?

Thanks!
Eddie :D

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Shared Hosting

Post by FourthWorld » Fri May 08, 2020 6:17 pm

If you don't have access to the storage files, even a rough estimate based on average length of each record and number of records would be helpful.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Sat May 09, 2020 7:31 am

FourthWorld wrote:
Fri May 08, 2020 6:17 pm
If you don't have access to the storage files, even a rough estimate based on average length of each record and number of records would be helpful.
Hi Fourthworld,

For now there is only 4 records and each record has a name, id, description and image (longblob). Im guessing the data is too big to be queried back to me? On the server side, these are the results im getting back back i can get it through to my app.

base64encode - cmV2ZGJlcnIsUXVlcnkgd2FzIGVtcHR5
urlencode - revdberr%2CQuery+was+empty

I wonder why my app does not receive the result back.
Eddie :D

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: Shared Hosting

Post by FourthWorld » Sat May 09, 2020 7:59 am

This data seems very small. Do you really need a database?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Sat May 09, 2020 9:30 am

FourthWorld wrote:
Sat May 09, 2020 7:59 am
This data seems very small. Do you really need a database?
For now it might seems small but i havent populate it yet.
Eddie :D

EddieLee
Posts: 118
Joined: Thu Oct 25, 2018 1:06 pm

Re: Shared Hosting

Post by EddieLee » Sat May 09, 2020 9:40 am

Hi,


Does anyone know how to write the server side scripts for the update query ? I tried using a few but it doesnt work.
My old method was

Server side

Code: Select all

<?lc
put $_POST["query"] into tSQLQuery 
put $_POST["dishname"] into dname
put revOpenDatabase("mysql","127.0.0.1","mydb","mydbusername","mydbpassword") into tDBID 
revExecuteSQL tDBID, tSQLQuery, "dname", "dishname"


revclosedatabase tDBID 

                                   
?>
App side

Code: Select all

 put "UPDATE `dishes` SET 'dishname' = '"& dishname &"' WHERE  `dishid` = '"& dishid &"'"into tSQLQuery
   put "query="&urlencode(tSQLQuery) into tSQLQuery
   post dishname to url "https://mywebsite/mysecretpage.lc"
   post tSQLQuery to url "https://mywebsite/mysecretpage.lc"
   answer it
For now the query cannot execute and no result was returned to me. Hope to get some help/advice.

Thanks!
Eddie :D

Post Reply

Return to “Talking LiveCode”