ftp is indeed a security problem, and sftp is not (easily) available - needs externals, or command line usage, etc.

https:// would be an option - but he would need an ssl cert.

However, if the item to be uploaded is small (sounds like it is), then you can do it very safely and easily, just as a get URL with the parameters encrypted from within LC.

LC on the client machine (pseudo code):
put "My machine has been installed" && tMyName && tMyOtherData into tDataToSendToServer
   encrypt tDataToSendToServer with des using password "mysecretpassword"
   put it into tData
put "http://my.domain.com/registerinstall.lc?data=" & urlencode(tData) into tURL
   get URL (tURL)

(and of course, make sure that you keep the password safe, only do this within a protected stack, etc.)


and on the server, you simply take the data passed, urldecode it, decrypt it (with the same secretpassword) and log it to the file.


There is a tiny insecurity here - someone could flood you with bad URL gets and grow your logfile out of control - which can easily be avoided by passing a security check, e.g. (add this code immediately before the get URL above)

   put the seconds into tTime
   encrypt tTime with des using password "mysecretpassword"
   put it into tEncTime
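   -- tURL already contains "?data=", so further parameters are appended with "&";
   -- the encrypted value is binary and has to be urlencoded like tData
   put "&time=" & tTime & "&enctime=" & urlencode(tEncTime) after tURL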

and then on the server, verify that the enctime value can be decrypted to get the time value; only save the data if that matches OK.

-- Alex.

On 13/03/2012 12:42, Curt Ford wrote:
My client wants to have a routine that records when a user first installs the 
project, by incrementing an item in a text file on his server. We've got it working 
well with ftp but I'm wondering whether sending the ftp login & password 
over regular ftp is a security issue; some digging in the archives makes me think 
that sftp isn't an option yet.

Would https:// be an option to write to a file on the server? Would that 
require that they have an SSL certificate?

Any ideas on a good way to handle this?

Curt


_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
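
The server-side check described in the reply above ("only save the data if that matches OK"), as an added example that is not part of the original thread and not LiveCode. It goes beyond the post in two labelled ways: an HMAC-SHA256 tag stands in for the DES-encrypted time (the `enctime` parameter name is kept), and the tag covers the data as well as the time, with a freshness window (`MAX_SKEW`, an assumed value) so a captured URL cannot be replayed later to grow the log. Encrypting the data itself is left out here.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlencode

SECRET = b"mysecretpassword"  # shared secret, same placeholder as in the post
MAX_SKEW = 300                # assumption: accept timestamps within 5 minutes


def _tag(t: str, data: str) -> str:
    """MAC over the timestamp and the data, so neither can be swapped out."""
    return hmac.new(SECRET, f"{t}|{data}".encode(), hashlib.sha256).hexdigest()


def make_query(data: str, now: int) -> str:
    """Client side: build the query string that follows registerinstall.lc?"""
    t = str(now)
    return urlencode({"data": data, "time": t, "enctime": _tag(t, data)})


def verify_query(query: str, now: int) -> Optional[str]:
    """Server side: return the data to log, or None if the request is dropped."""
    params = parse_qs(query, keep_blank_values=True)
    try:
        data = params["data"][0]
        t = params["time"][0]
        tag = params["enctime"][0]
        sent = int(t)
    except (KeyError, ValueError):
        return None  # missing or malformed parameter: never touch the log
    # Constant-time comparison on bytes; the tag is attacker-controlled input.
    if not hmac.compare_digest(_tag(t, data).encode(), tag.encode()):
        return None  # forged or tampered request
    if abs(now - sent) > MAX_SKEW:
        return None  # valid tag but stale: a replayed URL
    return data


if __name__ == "__main__":
    sent_at = 1331642520  # constructed sample timestamp
    q = make_query("My machine has been installed", sent_at)
    print(verify_query(q, sent_at + 10))    # accepted
    print(verify_query(q, sent_at + 3600))  # None: replayed an hour later
```
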


