Getting Started:

1. Copy the folder named 'LCHostFramework' to the top level of your Documents folder
2. Compile the stack 'basic server.livecode' 
3. Start that app
4. Open the basic client stack in LiveCode
5. Enter your machine's IP into the server field.
6. Connect


[This is more fun when you have two machines and side by side screens:)]

All the scripts are available in the buttons and stack scripts. Nothing is hidden from you, feel free to use/discard whatever you desire. Hopefully share corrections/improvements (of which there will be many!)

About

This is a simple LiveCode framework for creating a client and server that communicate over sockets using RSA to exchange a session based symmetric key and using AES to encrypt subsequent traffic--capabilities that LiveCode provides built-in. Additionally you will likely want to use strong HASH or HMACs with your app for authentication and again LiveCode provides.

This code is just to get you started thinking about what you might like to do--LiveCode is a pretty flexible environment and networking is pretty basic to any programming toolkit.

Security is a complicated thing. If you and a friend could get together and exchange a long passphrase on paper, and then each of you use that passphrase to encrypt a session between your Livecode clients it would be as secure as the two of you let it be.

In the real world it doesn't work that way. But your application probably won't need to solve more universal communication problems in the manner of a browser or ssh client-- meaning some things are easier to just write message passing apps and do something based on what is being exchanged. 

You need some certainty that your clients are who they say they are and they need to be reasonably certain that your server is actually your server. On a private network this is less daunting but it's still not a terrible idea to use encrypted traffic locally. 

I imagine fundamental network authentication/encryption will get some renewed attention from the good people at LiveCode. But they have a huge workload and a limited staff. Maybe we will see built in C++ level support along the lines of ECDHE-ECDSA and that'll be great.



Meantime, remember that the perfect is the enemy of the good--and as important:

"A ship in harbor is safe, but that is not what ships are built for."

Mark Clark
27 Feb 2021
