Alejandro Tejada wrote:
LiveCode could open a socket to send and receive
data from other applications.
Does exists a method to create a portable
LiveCode server that runs locally without
installing any file in the computer?
Many years ago Dr. Raney made a stack available at the old MetaCard site
called mchttpd which is exactly that: a simple Web server built in what
was then called MetaCard.
It still runs in LiveCode, but needed modification to output proper
headers for more recent browsers, so with Dr. Raney's permission I've
modified it and you can download it here:
<http://fourthworld.net/lc/mchttpd-4W.zip>
I still prefer working with Apache for most things since it lets me
mirror the environment I'll be using when I move what I'm working on
locally to a public server, but for specialized services mchttpd can be
a good starting point.
In one of my computers, every application
that opens a socket must be authorized
by the user because Zone Alarm ask for
permission...
A similar requirement happens on OS X as well: in Lion and later (I
don't recall seeing this in Snow Leopard), whenever an app starts
listening on a port the OS notifies the user and asks for confirmation.
This is very helpful, since most serious OSes (read OS X and Linux)
usually ship with all incoming traffic blocked (well, that's true for
Ubuntu, not sure about other distros or how well OS X matches that
security decision). This means that out of the box the system is
unreachable from the outside, leaving it to the user to explicitly open
any ports they might need, while most users never need to go out of
their way to have the system reasonably well protected.
Once you open a port you're inviting traffic to your machine. Of course
most folks have a router to negotiate between their internal network and
the external Internet, and most routers should require explicit action
to set up the forwarding of requests to a specific port from the outside
world to the machine providing the service. So without that, on most
routers worth using, things like mchttpd are useful for intranet
services yet still unreachable to the outside world.
As written, mchttpd is pretty nice, and fairly limited - by design, so
that it won't, for example, run "do" on arbitrary strings passed into it.
But it's extensible, so if one were inclined to live dangerously you
could extend mchttpd to allow it to "do" any LiveCode statements passed
in as arguments to the HTTP request - and then your machine could be
pwned by anyone who can reach it.
Set up port forwarding on your router to allow the world to do that, and
it would be an interesting measure of LiveCode's current global adoption
to find out how long it would be until your machine gets pwned. ;)
Of course in any real system you'd want to be very careful to avoid such
injection exploits.
One of the reasons I've tried to get "do", "eval" and the rest out of my
habits is not merely because there are almost almost always better
alternatives, but that if I ever get absent-minded I'm less likely by
habit to include anything like that in server code.
Interesting exercise for the reader:
On a Mac, open Console and in the side pane click on appfirewall.log
- or -
In Lubuntu, run:
more /var/log/auth.log
The world is full of botnets randomly attempting access on all ports on
all machines all day long....
On my critical machines I recently set up shared keys between the
various computers I use, and once that was done I modded my
/etc/sshd_config so that it no longer allows password login at all.
The downside is that whenever I get a new computer I have to add its key
by going through one of the existing ones already known in authorized_keys.
But the upside is that no one can use any password to get in, since all
passwords are rejected.
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
Follow me on Twitter: http://twitter.com/FourthWorldSys
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
