Saving Stack Data in a Standalone

[townsend]

Okay-- It's taken me a while-- but I think I finally got it.

1- The data in all LiveCode objects can be saved in one fell swoop
with the Save command. (Amazing! No other platform does this.)

2- This only works on sub-stacks, so a Splash screen is used
to enable this feature in the main application.

3- In the Standalone Application Settings, under the Stacks icon,
you must choose, "Move substacks into individual subfiles".

Then, all it takes is one simple line of code:

Code: Select all

     save this stack

Great! It all works. The sub-stack data is saved to a file named
sub-stack-name.rev. Now here's my question.

It seems that the .rev file saved is source code and can be opened
just like any other .livecode stack. Is there any way to protect
this .rev file from hackers? AND how secure are the executables?
I do need to store PostgreSQL DB longin and passwords.

[mwieder]

Great! Sounds like the splash screen thing is working for you.

Yes, set a password on your stacks and they will be safe from prying eyes. You can do this on a stack-by-stack basis, and when I need to do this I try to put anything I want protected into a single substack and then just set a password on that stack. That way I can still do development without having to enter a password each time I want to edit an object's script.

[townsend]

The password can be set in the Standalone Application Settings under Stacks.
That prevents anyone from opening the Stack with a LiveCode IDE.
Kind of-- it will prompt for the password. But I've also downloaded Stacks
where you couldn't even change from Run to Edit mode. How'd they do that?

PS: Good news!! When you set up a Stack password, the Save Stack command
encrypts the Stack. How do I know this? I downloaded this free Hex Editor and
took a look. HxD Hex Exitor: http://mh-nexus.de/en/

[dglass]

I do need to store PostgreSQL DB longin and passwords.

I hope you are not storing the actual passwords.

[townsend]

I hope you are not storing the actual passwords.

All users read-from and write-to a remote PostgreSQL database,
so I thought I had to store a login and password, for any access.

Thanks for your comment! What's the best practice here?

[BvG]

For remote DB access, best practice is to have wrappers around your calls on the server, that only allow the queries that you actually need, and never transmit access data trough the network.

Also note that password protected stacks only protect the scripts, not customproperties or field contents.

[dglass]

To access the db they will need a user account and password, yes.

I don't know how PostgreSQL handles the passwords. I'm pretty sure MySQL encrypts them, so I would expect PostgreSQL to do something equivalent.

But, that data is stored in the DB, not in any of your application's stacks or preference files.

[townsend]

Also note that password protected stacks only protect the scripts, not customproperties or field contents.

Thanks for the clarification.

For remote DB access, best practice is to have wrappers around your calls on the server, that only allow the queries that you actually need, and never transmit access data trough the network.

I'm confused. What's a wrapper? To read or write data don't you have to include a SQL statement in your script? And before that, just to establish a connection, don't you have to use a login and password?

[BvG]

Wrapper is no specific technical term. What I mean with that is, that you have code on the server that you then query via web calls. Basically a homepage just for your app. That way you can restrict which parts of the database are public, or even encrypt the traffic completely. The login of course would all remain on the server, because the code that does the sql query is all on the server too. Additionally, you can use any language that runs on your server, including LiveCode cgi's, ruby or php.

[townsend]

Thanks! That helps a lot. Now I understand.

Couldn't I just establish a SSL connection between
my LiveCode app and the DB server?

[mwieder]

Also note that password protected stacks only protect the scripts, not customproperties or field contents.

True only in the case of stacks - everything in a standalone application (the splash screen, in this case) is encrypted.