The specific lesson for lc server file uploads is here: http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
but as mentioned, setup https first! On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode < use-livecode@lists.runrev.com> wrote: > Graham Samuel wrote: > > > However, I don’t seem to be able to mimic what my FTP software > > (Transmit on the Mac, or FileZilla) can do, which is to easily delete > > a file on a server - the file in question is part of a web site > > hosted by DreamHost. I just want to use the URL functionality to do > > this, as discussed in my conversation below, but I always get 405 > > (http) or 530 (ftp). I have a vague suspicion that I should be > > transmitting my credentials to the server, which of course I did when > > I set up my FTP client, but I have absolutely no idea how to do this. > > > > Many members of this list must have mucked around with files on a > > server - can someone point me to a tutorial on all this? > > If there were, it would not be a short one. > > If you could delete a file via HTTP alone, then anyone with a browser > could delete files on your server. > > FTP is unsafe to use on the Internet, as it sends passwords in clear text. > > You could consider FTPS or SFTP, which are not available in the Community > Edition but are in others via tsNet - but not without risk: > > FTP and its secure variants are designed for ad hoc management of remote > file stores. You can delete the file in question, but also any other, and > can modify anything on the server in any way you like. > > This is useful in tools like Filezilla, where the password is only stored > on your own computer. > > But if you hard-wire the password in a script, and that script is part of > a publicly-distributed app, a memory dump can reveal the key to having > complete control over everything on your server. > > The most common way for apps to perform write tasks on servers is through > an HTTP API, which would require something on the server to process the > requests. That something can be PHP, Python, LiveCode Server, or other > languages that work well with CGI. > > You'd still want some way to authenticate the request, but since it's used > only in a server script you write the scope of what can be done with it is > much more limited. > > And of course that assumes your web server is using HTTPS so credentials > can be sent over secured connection, but given the many benefits of HTTPS > and the free availability of SSL certs via the Let's Encrypt project > (Dreamhost has a convenient option for Let's Encrypt in their control > panel) I'm hoping we can assume all web servers managed by developers > already have or will soon have HTTPS in place. > > A tutorial for getting started with LiveCode Server is here: > https://livecode.com/resources/guides/server/ > > I wish I had a one-liner solution for you. But in the hostile environment > of the Internet, writing network applications requires much more diligence > than we used to enjoy back in the day. > > -- > Richard Gaskin > Fourth World Systems > Software Design and Development for the Desktop, Mobile, and the Web > ____________________________________________________________________ > ambassa...@fourthworld.com http://www.FourthWorld.com > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
