Graham Samuel wrote:
> However, I don’t seem to be able to mimic what my FTP software
> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> a file on a server - the file in question is part of a web site
> hosted by DreamHost. I just want to use the URL functionality to do
> this, as discussed in my conversation below, but I always get 405
> (http) or 530 (ftp). I have a vague suspicion that I should be
> transmitting my credentials to the server, which of course I did when
> I set up my FTP client, but I have absolutely no idea how to do this.
>
> Many members of this list must have mucked around with files on a
> server - can someone point me to a tutorial on all this?
If there were, it would not be a short one.
If you could delete a file via HTTP alone, then anyone with a browser
could delete files on your server.
FTP is unsafe to use on the Internet, as it sends passwords in clear text.
You could consider FTPS or SFTP, which are not available in the
Community Edition but are in others via tsNet - but not without risk:
FTP and its secure variants are designed for ad hoc management of remote
file stores. You can delete the file in question, but also any other,
and can modify anything on the server in any way you like.
This is useful in tools like Filezilla, where the password is only
stored on your own computer.
But if you hard-wire the password in a script, and that script is part
of a publicly-distributed app, a memory dump can reveal the key to
having complete control over everything on your server.
The most common way for apps to perform write tasks on servers is
through an HTTP API, which would require something on the server to
process the requests. That something can be PHP, Python, LiveCode
Server, or other languages that work well with CGI.
You'd still want some way to authenticate the request, but since it's
used only in a server script you write the scope of what can be done
with it is much more limited.
And of course that assumes your web server is using HTTPS so credentials
can be sent over secured connection, but given the many benefits of
HTTPS and the free availability of SSL certs via the Let's Encrypt
project (Dreamhost has a convenient option for Let's Encrypt in their
control panel) I'm hoping we can assume all web servers managed by
developers already have or will soon have HTTPS in place.
A tutorial for getting started with LiveCode Server is here:
https://livecode.com/resources/guides/server/
I wish I had a one-liner solution for you. But in the hostile
environment of the Internet, writing network applications requires much
more diligence than we used to enjoy back in the day.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
