by EddieLee » Wed May 06, 2020 9:57 am
FourthWorld wrote: ↑Wed May 06, 2020 9:14 am
If users don't sign in, how do you distinguish between an authorized submission and an unauthorized one?
Kyle is worth reading if you get a chance. He publishes articles and books often so you'll come across him sooner or later. I got started with server admin from one of his earlier books. His most recent, "Linux Hardening in Hostile Networks", provides a good overview not just for devs, but anyone responsible for managing systems with other people's data, or really anything connected to the Internet.
Spoiler: the "hostile networks" part in his book title is an intentional redundancy. As he describes, in the 21st century all networks are best regarded as hostile, with safeguards chosen from that mindset.
Keep in mind that unless you have uncommonly high-value data, the bad guys aren't after your data at all, but they will still try to break in. They'll take any data that may be useful as they come across it, but these days that's not often their goal. What they want is compute resources, control of the server itself, so they can spam, DDoS, mine coins, etc.
In the modern world, even a server that doesn't seem very interesting to us can be very interesting to the bad guys.
So we learn what we can to stay a step ahead of them. And since most of them use fairly predictable scripts, a little study goes a long way in keeping your servers safe.
Hi fourthworld,
It’s just for the users to view data therefore I didn’t add in a login option.
Eddie
by Thierry » Wed May 06, 2020 1:13 pm
Thierry wrote: ↑Mon May 04, 2020 12:07 pm
For how helpful it could be here is my experience a couple of years ago:
I have a shared hosting at a low price.
Via ssh and terminal I upload the zip LC server on my host, unzip and add 3 or 4 lines in .htaccess file,
and it just works. I did some successful tests at this time, and didn't see any major problems.
If you want those .htaccess extra-lines, I can send them to you...
Hi all,
Thanks to Alex for reminding me about this.
So here is what I did add to my main .htaccess:
# 3 next lines for livecode server:
Options +ExecCGI
AddHandler livecode-script .lc
Action livecode-script /cgi-bin/livecode-community-server
One more piece of information: I don't have root access on this server!
Last, don't ask me more than that as I don't use LC server in my work.
HTH,
Thierry
by EddieLee » Thu May 07, 2020 12:26 pm
EddieLee wrote: ↑Wed May 06, 2020 6:37 am
Hi,
I tried using base64encode/decode to encrypt the data sent to the server from an app and vice versa. Any reason why I'm getting an error output?
App side
Code: Select all
on mouseup
---- sending --------
set httpheaders to empty
put "select * from dishes" into tSQLQuery
put "query="&urlencode(tSQLQuery) into tSQLQuery
put base64encode(tSQLQuery) into tSQLQuery1
post tSQLQuery1 to url "https://myurl/mysecretpage.lc"
---- after receiving---------
put it into tResult
put base64decode(tResult) into tResults
answer tResults
end mouseup
Server side
Code: Select all
---- Decode data received from app ------
put base64decode($_POST["query"]) into tSQLQuery1
put revOpenDatabase("mysql","127.0.0.1","mydb","mydbusername","mydbpassword") into tDBID
put revDataFromQuery(,,tDBID,tSQLQuery1) into tResults
revclosedatabase tDBID
----- Encode data before sending back to the app ------
put base64encode(tResults) into tResult
put tResult
The error/output that I'm getting is "revdberr,Query was empty"
Thank you!
Does anybody know the answer to this?
Eddie
by EddieLee » Thu May 07, 2020 12:29 pm
EddieLee wrote: ↑Mon May 04, 2020 4:14 pm
bangkok wrote: ↑Mon May 04, 2020 2:00 pm
EddieLee wrote: ↑Mon May 04, 2020 1:16 pm
Thanks for the codes but however does this establish a connection with the database securely so that I can perform my SELECT, INSERT and UPDATE queries? Because the main reason for this thread is for me to find a way to communicate with the database in a secure way for the benefits of security.
No offense, but before absolute security, you have to understand the basic underlying processes (and here the interactions between a desktop or Android app and a remote database hosted somewhere on the Internet).
That's the point of my very simple example.
The library designed by HostM is perfect from a security point of view, but I guess it would be a little bit hard for you to use it first.
EddieLee wrote: ↑Mon May 04, 2020 1:16 pm
And also for the code on the app, before you use the SELECT query shouldn’t it be to establish a connection to the database first to collect the data?
The webpage collects the data from the POST, and then opens the connexion to the database.
It's more logical, because it allows you first to decrypt the data, and to be sure that those data are valid and legitimate (coming from your App, instead of a third party trying to hack your system).
So you can do several tests on the data received by the POST, and when everything is okay, you open the connexion to the database and perform the query.
Hi Bangkok,
Thanks, I misread the code, which caused me to ask a stupid question. I understand what you said now and thanks for the explanation. I will give your way a run tomorrow and compare it with the hostm tutorial method to see which is suitable for me. So from my understanding, for every query that I need to perform, I need to send it to mysecretfile.lc and this is where the command would be executed? I tried the server code and this error shows up
revdberr,Query was empty
Is it normal to be this way? On my app side, i received the information i need from the database!
Thanks for your help!
Still receiving the same error but I got the results back on my app, any reason why?
Eddie
by bangkok » Thu May 07, 2020 1:23 pm
EddieLee wrote: ↑Wed May 06, 2020 6:37 am
Hi,
I tried using base64encode/decode to encrypt the data sent to the server from an app and vice versa. Any reason why I'm getting an error output?
App side
Code: Select all
on mouseup
---- sending --------
set httpheaders to empty
put "select * from dishes" into tSQLQuery
put "query="&urlencode(tSQLQuery) into tSQLQuery
put base64encode(tSQLQuery) into tSQLQuery1
post tSQLQuery1 to url "https://myurl/mysecretpage.lc"
---- after receiving---------
put it into tResult
put base64decode(tResult) into tResults
answer tResults
end mouseup
You base64encode the whole string, it means even with the keyword "query" (that the LC Server page will use to "receive" the data and store it into the variable)
Not good.
Therefore:
Code: Select all
---- sending --------
set httpheaders to empty
put "select * from dishes" into tSQLQuery
put base64encode(tSQLQuery) into tSQLQuery
put "query="&tSQLQuery into tSQLQuery
post tSQLQuery to url "https://myurl/mysecretpage.lc"
by EddieLee » Thu May 07, 2020 1:32 pm
Hi Bangkok,
Thanks for your help, I will try it tomorrow when I’m doing livecode. Do you have any idea how do I return the result from mysecretpage.lc to my app? Because on the server page I just left it as put result
Eddie
by EddieLee » Fri May 08, 2020 3:30 am
Seems like the error's solved, however, I'm unable to receive the result back even after base64decode. I wonder what's the issue, seems like posting to the webserver has no issue with base64encode/decode, only returning. Any idea?
Eddie
by FourthWorld » Fri May 08, 2020 6:10 am
What is the total size of the data being queried?
by EddieLee » Fri May 08, 2020 6:21 am
FourthWorld wrote: ↑Fri May 08, 2020 6:10 am
What is the total size of the data being queried?
Hi FourthWorld,
How do i check the total size?
Thanks!
Eddie
by FourthWorld » Fri May 08, 2020 6:17 pm
If you don't have access to the storage files, even a rough estimate based on average length of each record and number of records would be helpful.
by EddieLee » Sat May 09, 2020 7:31 am
FourthWorld wrote: ↑Fri May 08, 2020 6:17 pm
If you don't have access to the storage files, even a rough estimate based on average length of each record and number of records would be helpful.
Hi Fourthworld,
For now there are only 4 records and each record has a name, id, description and image (longblob). I'm guessing the data is too big to be queried back to me? On the server side, these are the results I'm getting back back I can get it through to my app.
base64encode - cmV2ZGJlcnIsUXVlcnkgd2FzIGVtcHR5
urlencode - revdberr%2CQuery+was+empty
I wonder why my app does not receive the result back.
Eddie
by FourthWorld » Sat May 09, 2020 7:59 am
This data seems very small. Do you really need a database?
by EddieLee » Sat May 09, 2020 9:30 am
FourthWorld wrote: ↑Sat May 09, 2020 7:59 am
This data seems very small. Do you really need a database?
For now it might seem small, but I haven't populated it yet.
Eddie
by EddieLee » Sat May 09, 2020 9:40 am
Hi,
Does anyone know how to write the server side scripts for the update query? I tried using a few but it doesn't work.
My old method was
Server side
Code: Select all
<?lc
put $_POST["query"] into tSQLQuery
put $_POST["dishname"] into dname
put revOpenDatabase("mysql","127.0.0.1","mydb","mydbusername","mydbpassword") into tDBID
revExecuteSQL tDBID, tSQLQuery, "dname", "dishname"
revclosedatabase tDBID
?>
App side
Code: Select all
put "UPDATE `dishes` SET 'dishname' = '"& dishname &"' WHERE `dishid` = '"& dishid &"'"into tSQLQuery
put "query="&urlencode(tSQLQuery) into tSQLQuery
post dishname to url "https://mywebsite/mysecretpage.lc"
post tSQLQuery to url "https://mywebsite/mysecretpage.lc"
answer it
For now the query cannot execute and no result was returned to me. Hope to get some help/advice.
Thanks!
Eddie
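
The order bangkok describes earlier in the thread (check the POSTed data first, then open the connection and run the query), applied to the dish update above, as an added example that is not code from any poster: the app posts only the two values, and the server script holds the SQL text and binds the values through `revExecuteSQL` placeholders. The POST field names, the `updateDish` function, the 100-character limit and the response strings are assumptions made for this example; the table, columns and placeholder credentials follow the post.

```livecode
<?lc
-- Added example (not from the thread). Table, columns and the placeholder
-- credentials follow the posts above; updateDish, the POST field names and
-- the 100-character limit are assumptions made for this example.
--
-- App side, one request carrying both values and no SQL text:
--   put "dishid=" & urlEncode(dishid) & "&dishname=" & urlEncode(dishname) into tBody
--   post tBody to url "https://mywebsite/mysecretpage.lc"
--   answer it

function updateDish pDishID, pDishName
   -- Check the POSTed values before opening the database connection.
   if pDishID is not an integer or pDishID < 1 then
      return "error,invalid dishid"
   end if
   if pDishName is empty or length(pDishName) > 100 then
      return "error,invalid dishname"
   end if

   put revOpenDatabase("mysql","127.0.0.1","mydb","mydbusername","mydbpassword") into tDBID
   if tDBID is not an integer then
      return "error,database unavailable"
   end if

   -- :1 and :2 are bound to the named variables by revExecuteSQL, so the
   -- values travel as data and are never spliced into the statement.
   put pDishName into tName
   put pDishID into tID
   put "UPDATE dishes SET dishname = :1 WHERE dishid = :2" into tSQL
   revExecuteSQL tDBID, tSQL, "tName", "tID"
   put the result into tRows
   revCloseDatabase tDBID

   -- On success the result is the number of rows affected.
   if tRows is an integer then
      return "ok," & tRows
   end if
   return "error,update failed"
end updateDish

put updateDish($_POST["dishid"], $_POST["dishname"])
?>
```

Because the statement is fixed on the server, a request to this page can only rename a dish; it cannot submit an arbitrary SELECT, UPDATE or DELETE the way a posted `query` field can.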