Overwriting a file on a server

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Overwriting a file on a server

Bob Sneidar via use-livecode
Another dumb question, I’m afraid. The dictionary says I can do

  put tdata into URL [some url]

well, I want to put a file on my server (in this example, it’s a text file) to replace one of the same name. If I just try to steamroller it by ignoring the existing file, I get a ‘405’ error (forbidden method, I think). If I use an FTP client like Transmit, I get a warning about overwriting the file and a manual override.

How can I grow my own, by detecting the existing file and then overwriting it anyway? Should I delete the existing file as a separate operation? How can I be sure I have enough permission to do so?

I feel stupid asking all these questions - my only excuse is that LC has made it look sooo simple that I actually thought it was simple.

TIA for any advice

Graham
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
Hi Graham,

> On 5 Mar 2018, at 11:04 pm, Graham Samuel via use-livecode <[hidden email]> wrote:
>
> Another dumb question, I’m afraid. The dictionary says I can do
>
>  put tdata into URL [some url]
>
> well, I want to put a file on my server (in this example, it’s a text file) to replace one of the same name. If I just try to steamroller it by ignoring the existing file, I get a ‘405’ error (forbidden method, I think). If I use an FTP client like Transmit, I get a warning about overwriting the file and a manual override.
>
> How can I grow my own, by detecting the existing file and then overwriting it anyway? Should I delete the existing file as a separate operation? How can I be sure I have enough permission to do so?

You can use ‘delete URL’ to delete an FTP file.  If the result is not empty, then it failed to delete it.

You could always try the ‘put’ first, and if you get a 405 error, try the ‘delete’.  If the delete is successful, you can ‘put’ again.  If the delete is unsuccessful, advise the user.

Cheers,

Charles

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
More wisdom from Charles, sincere thanks!

However, I don’t seem to be able to mimic what my FTP software (Transmit on the Mac, or FileZilla) can do, which is to easily delete a file on a server  - the file in question is part of a web site hosted by DreamHost. I just want to use the URL functionality to do this, as discussed in my conversation below, but I always get 405 (http) or 530 (ftp). I have a vague suspicion that I should be transmitting my credentials to the server, which of course I did when I set up my FTP client, but I have absolutely no idea how to do this.

Many members of this list must have mucked around with files on a server - can someone point me to a tutorial on all this?

TIA

Graham

> On 6 Mar 2018, at 08:59, Charles Warwick via use-livecode <[hidden email]> wrote:
>
> Hi Graham,
>
>> On 5 Mar 2018, at 11:04 pm, Graham Samuel via use-livecode <[hidden email]> wrote:
>>
>> Another dumb question, I’m afraid. The dictionary says I can do
>>
>> put tdata into URL [some url]
>>
>> well, I want to put a file on my server (in this example, it’s a text file) to replace one of the same name. If I just try to steamroller it by ignoring the existing file, I get a ‘405’ error (forbidden method, I think). If I use an FTP client like Transmit, I get a warning about overwriting the file and a manual override.
>>
>> How can I grow my own, by detecting the existing file and then overwriting it anyway? Should I delete the existing file as a separate operation? How can I be sure I have enough permission to do so?
>
> You can use ‘delete URL’ to delete an FTP file.  If the result is not empty, then it failed to delete it.
>
> You could always try the ‘put’ first, and if you get a 405 error, try the ‘delete’.  If the delete is successful, you can ‘put’ again.  If the delete is unsuccessful, advise the user.
>
> Cheers,
>
> Charles
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
Graham Samuel wrote:

 > However, I don’t seem to be able to mimic what my FTP software
 > (Transmit on the Mac, or FileZilla) can do, which is to easily delete
 > a file on a server  - the file in question is part of a web site
 > hosted by DreamHost. I just want to use the URL functionality to do
 > this, as discussed in my conversation below, but I always get 405
 > (http) or 530 (ftp). I have a vague suspicion that I should be
 > transmitting my credentials to the server, which of course I did when
 > I set up my FTP client, but I have absolutely no idea how to do this.
 >
 > Many members of this list must have mucked around with files on a
 > server - can someone point me to a tutorial on all this?

If there were, it would not be a short one.

If you could delete a file via HTTP alone, then anyone with a browser
could delete files on your server.

FTP is unsafe to use on the Internet, as it sends passwords in clear text.

You could consider FTPS or SFTP, which are not available in the
Community Edition but are in others via tsNet - but not without risk:

FTP and its secure variants are designed for ad hoc management of remote
file stores. You can delete the file in question, but also any other,
and can modify anything on the server in any way you like.

This is useful in tools like Filezilla, where the password is only
stored on your own computer.

But if you hard-wire the password in a script, and that script is part
of a publicly-distributed app, a memory dump can reveal the key to
having complete control over everything on your server.

The most common way for apps to perform write tasks on servers is
through an HTTP API, which would require something on the server to
process the requests. That something can be PHP, Python, LiveCode
Server, or other languages that work well with CGI.

You'd still want some way to authenticate the request, but since it's
used only in a server script you write the scope of what can be done
with it is much more limited.

And of course that assumes your web server is using HTTPS so credentials
can be sent over secured connection, but given the many benefits of
HTTPS and the free availability of SSL certs via the Let's Encrypt
project (Dreamhost has a convenient option for Let's Encrypt in their
control panel) I'm hoping we can assume all web servers managed by
developers already have or will soon have HTTPS in place.

A tutorial for getting started with LiveCode Server is here:
https://livecode.com/resources/guides/server/

I wish I had a one-liner solution for you.  But in the hostile
environment of the Internet, writing network applications requires much
more diligence than we used to enjoy back in the day.

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  [hidden email]                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
The specific lesson for lc server file uploads is here:
http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server

but as mentioned, setup https first!

On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
[hidden email]> wrote:

> Graham Samuel wrote:
>
> > However, I don’t seem to be able to mimic what my FTP software
> > (Transmit on the Mac, or FileZilla) can do, which is to easily delete
> > a file on a server  - the file in question is part of a web site
> > hosted by DreamHost. I just want to use the URL functionality to do
> > this, as discussed in my conversation below, but I always get 405
> > (http) or 530 (ftp). I have a vague suspicion that I should be
> > transmitting my credentials to the server, which of course I did when
> > I set up my FTP client, but I have absolutely no idea how to do this.
> >
> > Many members of this list must have mucked around with files on a
> > server - can someone point me to a tutorial on all this?
>
> If there were, it would not be a short one.
>
> If you could delete a file via HTTP alone, then anyone with a browser
> could delete files on your server.
>
> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>
> You could consider FTPS or SFTP, which are not available in the Community
> Edition but are in others via tsNet - but not without risk:
>
> FTP and its secure variants are designed for ad hoc management of remote
> file stores. You can delete the file in question, but also any other, and
> can modify anything on the server in any way you like.
>
> This is useful in tools like Filezilla, where the password is only stored
> on your own computer.
>
> But if you hard-wire the password in a script, and that script is part of
> a publicly-distributed app, a memory dump can reveal the key to having
> complete control over everything on your server.
>
> The most common way for apps to perform write tasks on servers is through
> an HTTP API, which would require something on the server to process the
> requests. That something can be PHP, Python, LiveCode Server, or other
> languages that work well with CGI.
>
> You'd still want some way to authenticate the request, but since it's used
> only in a server script you write the scope of what can be done with it is
> much more limited.
>
> And of course that assumes your web server is using HTTPS so credentials
> can be sent over secured connection, but given the many benefits of HTTPS
> and the free availability of SSL certs via the Let's Encrypt project
> (Dreamhost has a convenient option for Let's Encrypt in their control
> panel) I'm hoping we can assume all web servers managed by developers
> already have or will soon have HTTPS in place.
>
> A tutorial for getting started with LiveCode Server is here:
> https://livecode.com/resources/guides/server/
>
> I wish I had a one-liner solution for you.  But in the hostile environment
> of the Internet, writing network applications requires much more diligence
> than we used to enjoy back in the day.
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for the Desktop, Mobile, and the Web
>  ____________________________________________________________________
>  [hidden email]                http://www.FourthWorld.com
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
OK, I’ll be looking at it: I was not planning to use LiveCode server for this task, although as a matter of fact I do have a copy on the site in question for other purposes.

Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.

Graham

> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode <[hidden email]> wrote:
>
> The specific lesson for lc server file uploads is here:
> http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
>
> but as mentioned, setup https first!
>
> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
> [hidden email]> wrote:
>
>> Graham Samuel wrote:
>>
>>> However, I don’t seem to be able to mimic what my FTP software
>>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>>> a file on a server  - the file in question is part of a web site
>>> hosted by DreamHost. I just want to use the URL functionality to do
>>> this, as discussed in my conversation below, but I always get 405
>>> (http) or 530 (ftp). I have a vague suspicion that I should be
>>> transmitting my credentials to the server, which of course I did when
>>> I set up my FTP client, but I have absolutely no idea how to do this.
>>>
>>> Many members of this list must have mucked around with files on a
>>> server - can someone point me to a tutorial on all this?
>>
>> If there were, it would not be a short one.
>>
>> If you could delete a file via HTTP alone, then anyone with a browser
>> could delete files on your server.
>>
>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>>
>> You could consider FTPS or SFTP, which are not available in the Community
>> Edition but are in others via tsNet - but not without risk:
>>
>> FTP and its secure variants are designed for ad hoc management of remote
>> file stores. You can delete the file in question, but also any other, and
>> can modify anything on the server in any way you like.
>>
>> This is useful in tools like Filezilla, where the password is only stored
>> on your own computer.
>>
>> But if you hard-wire the password in a script, and that script is part of
>> a publicly-distributed app, a memory dump can reveal the key to having
>> complete control over everything on your server.
>>
>> The most common way for apps to perform write tasks on servers is through
>> an HTTP API, which would require something on the server to process the
>> requests. That something can be PHP, Python, LiveCode Server, or other
>> languages that work well with CGI.
>>
>> You'd still want some way to authenticate the request, but since it's used
>> only in a server script you write the scope of what can be done with it is
>> much more limited.
>>
>> And of course that assumes your web server is using HTTPS so credentials
>> can be sent over secured connection, but given the many benefits of HTTPS
>> and the free availability of SSL certs via the Let's Encrypt project
>> (Dreamhost has a convenient option for Let's Encrypt in their control
>> panel) I'm hoping we can assume all web servers managed by developers
>> already have or will soon have HTTPS in place.
>>
>> A tutorial for getting started with LiveCode Server is here:
>> https://livecode.com/resources/guides/server/
>>
>> I wish I had a one-liner solution for you.  But in the hostile environment
>> of the Internet, writing network applications requires much more diligence
>> than we used to enjoy back in the day.
>>
>> --
>> Richard Gaskin
>> Fourth World Systems
>> Software Design and Development for the Desktop, Mobile, and the Web
>> ____________________________________________________________________
>> [hidden email]                http://www.FourthWorld.com
>>
>>
>> _______________________________________________
>> use-livecode mailing list
>> [hidden email]
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
In reply to this post by Bob Sneidar via use-livecode
In case anyone was holding their breath, I have just realised that the data I wanted to store on the server can be stored elsewhere (in the application data area, as a property of a stack). So I won’t be in such a hurry to learn this stuff, though I know its value and will do so eventually.

Graham

I wrote just now:

> OK, I’ll be looking at it: I was not planning to use LiveCode server for this task, although as a matter of fact I do have a copy on the site in question for other purposes.
>
> Thanks to you and to Richard G. I’ll report back when I’ve sorted it out.
>
> Graham
>
>> On 6 Mar 2018, at 17:38, Mike Bonner via use-livecode <[hidden email]> wrote:
>>
>> The specific lesson for lc server file uploads is here:
>> http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server
>>
>> but as mentioned, setup https first!
>>
>> On Tue, Mar 6, 2018 at 9:33 AM, Richard Gaskin via use-livecode <
>> [hidden email]> wrote:
>>
>>> Graham Samuel wrote:
>>>
>>>> However, I don’t seem to be able to mimic what my FTP software
>>>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>>>> a file on a server  - the file in question is part of a web site
>>>> hosted by DreamHost. I just want to use the URL functionality to do
>>>> this, as discussed in my conversation below, but I always get 405
>>>> (http) or 530 (ftp). I have a vague suspicion that I should be
>>>> transmitting my credentials to the server, which of course I did when
>>>> I set up my FTP client, but I have absolutely no idea how to do this.
>>>>
>>>> Many members of this list must have mucked around with files on a
>>>> server - can someone point me to a tutorial on all this?
>>>
>>> If there were, it would not be a short one.
>>>
>>> If you could delete a file via HTTP alone, then anyone with a browser
>>> could delete files on your server.
>>>
>>> FTP is unsafe to use on the Internet, as it sends passwords in clear text.
>>>
>>> You could consider FTPS or SFTP, which are not available in the Community
>>> Edition but are in others via tsNet - but not without risk:
>>>
>>> FTP and its secure variants are designed for ad hoc management of remote
>>> file stores. You can delete the file in question, but also any other, and
>>> can modify anything on the server in any way you like.
>>>
>>> This is useful in tools like Filezilla, where the password is only stored
>>> on your own computer.
>>>
>>> But if you hard-wire the password in a script, and that script is part of
>>> a publicly-distributed app, a memory dump can reveal the key to having
>>> complete control over everything on your server.
>>>
>>> The most common way for apps to perform write tasks on servers is through
>>> an HTTP API, which would require something on the server to process the
>>> requests. That something can be PHP, Python, LiveCode Server, or other
>>> languages that work well with CGI.
>>>
>>> You'd still want some way to authenticate the request, but since it's used
>>> only in a server script you write the scope of what can be done with it is
>>> much more limited.
>>>
>>> And of course that assumes your web server is using HTTPS so credentials
>>> can be sent over secured connection, but given the many benefits of HTTPS
>>> and the free availability of SSL certs via the Let's Encrypt project
>>> (Dreamhost has a convenient option for Let's Encrypt in their control
>>> panel) I'm hoping we can assume all web servers managed by developers
>>> already have or will soon have HTTPS in place.
>>>
>>> A tutorial for getting started with LiveCode Server is here:
>>> https://livecode.com/resources/guides/server/
>>>
>>> I wish I had a one-liner solution for you.  But in the hostile environment
>>> of the Internet, writing network applications requires much more diligence
>>> than we used to enjoy back in the day.
>>>
>>> --
>>> Richard Gaskin
>>> Fourth World Systems
>>> Software Design and Development for the Desktop, Mobile, and the Web
>>> ____________________________________________________________________
>>> [hidden email]                http://www.FourthWorld.com
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> [hidden email]
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>> _______________________________________________

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
In reply to this post by Bob Sneidar via use-livecode
Hi,

> Graham Samuel wrote:
>
>> However, I don’t seem to be able to mimic what my FTP software
>> (Transmit on the Mac, or FileZilla) can do, which is to easily delete
>> a file on a server  - the file in question is part of a web site
>> hosted by DreamHost. I just want to use the URL functionality to do
>> this, as discussed in my conversation below, but I always get 405
>> (http) or 530 (ftp). I have a vague suspicion that I should be
>> transmitting my credentials to the server, which of course I did when
>> I set up my FTP client, but I have absolutely no idea how to do this.

Using delete via HTTP will generally fail unless the HTTP server and website are specifically configured to allow it (it would usually also require credentials).  Some HTTP APIs do allow the DELETE method.  I expect this is not what you are after. :-)

As you mentioned above, Transmit would be doing this via FTP, but you would need to send your credentials as part of the request.  You can do this with put URL and delete URL (for any supported protocol) by encoding them into the URL that you use like this:

put urlEncode(“username”) into tUser
put urlEncode(“password”) into tPass
put “ftp://“ & tUser & “:” & tPass & “@ftp.mydomain.com/path/to/file.txt” into tUrl

I expect that would likely solve your issue, but as Richard has mentioned, there are security issues to be considered that are all dependant on the environment that you are using your application in.

Cheers.

Charles



_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
In reply to this post by Bob Sneidar via use-livecode
if there is a file?

Bob S


> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode <[hidden email]> wrote:
>
> How can I grow my own, by detecting the existing file and then overwriting it anyway?


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
Oh, by server, you mean WEB server. NVM.

Bob S


> On Mar 6, 2018, at 19:42 , Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> [This message was identified as a phishing scam. Learn about phishing at http://aka.ms/LearnAboutPhishing]
>
> if there is a file?
>
> Bob S
>
>
>> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode <[hidden email]> wrote:
>>
>> How can I grow my own, by detecting the existing file and then overwriting it anyway?
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|

Re: Overwriting a file on a server

Bob Sneidar via use-livecode
In reply to this post by Bob Sneidar via use-livecode
Hi Bob

Yes, that works - since the file is tiny, just trying to download it and seeing what you get works  too (not a good strategy in general, I agree). The problem was the overwriting of the file - Richard G and other folks have pointed out that it would be extremely dangerous in the whole internet world if that were easy! I was in retrospect being extremely naive. What it’s done to me is to make me reconsider the way my app works, and I’ve chosen another way of dealing with my requirement by using local application storage. This just happens to work in my particular case.

Cheers

Graham

> On 7 Mar 2018, at 04:42, Bob Sneidar via use-livecode <[hidden email]> wrote:
>
> if there is a file?
>
> Bob S
>
>
>> On Mar 5, 2018, at 05:04 , Graham Samuel via use-livecode <[hidden email]> wrote:
>>
>> How can I grow my own, by detecting the existing file and then overwriting it anyway?
>
>
> _______________________________________________
> use-livecode mailing list
> [hidden email]
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode