Stefan,

In that setup there isn't any problem or anything to worry about.

The problem is the pattern of installing something on a person's computer that has the potential to expose them to risk without explaining that to them. I have gotten a lot of pressure to make Bob listen on 0.0.0.0 as a default so people don't have to change it themselves, and the response when I pointed out that that was a very bad idea for people who didn't understand what that meant was something to the effect of 'that is their problem' or 'most people don't know what it means so why should they worry about it?' Quite literally the first request I got about the BobSaver was 'can we make it listen on something other than localhost', which is asking 'can we make this let other computers save files on our computer?' While in one person's special instance it may not be a bad idea, in general that is a terrible idea. That was requested BEFORE any requests or questions about security. So we have a system that I have been very careful to ensure that its default configuration is as safe as something that functions can be and no one has to worry. But there are easily accessible settings that can change that. People like to play with settings and see what happens; someone may be poking the settings and stumble over how they could just change this 127.0.0.1 to 0.0.0.0 in the configuration and suddenly they can do more, but unless they have the warning about what that means they have no reason to be cautious. Despite the software being safe when configured in the way set as default, someone can easily modify the configuration once they have it and expose everything on their computer to all of Starbucks. So I have it set up to be as safe as possible and give a big warning about the risks of changing the settings; then what they decide is up to them and not my responsibility.
As I have said before, you are not the target audience of BobEXE. I put all the configuration options in and documented them so that you can modify them to your heart's content, but by knowing what '120.0.0.1:8080' means and being able to use 'bbs-script' in a sentence you show you have the background to know what you are risking when you use things and can make a properly informed decision about it. For this you know what you are doing and can take care of yourself; I am worried about the people who don't have the time/experience/knowledge/money/interest/whatever to get the background required to know what you know about it. Social engineering is very easy in cases like this; it would be very easy to offer help to someone that involved opening Bob or the saver component up to 0.0.0.0 on a public network. I want to give them the best chance I can to understand what that means. Including the documentation and saying that they should read it first isn't going to help. I have rather explicit documentation about configuration and still people who should know better ignore it and ask me questions that are directly answered, so people who don't know to ask questions are not going to see it.
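
The safe default plus plain-language warning described in this message, sketched as an added example that is not part of the original post and is not Bob's code. The function name `bindExposure`, its return shape and the warning wording are assumptions made for illustration; anything that is not clearly a loopback address is treated as exposed, so a mistyped address produces a warning rather than silence.

```javascript
// Added example: classify a configured listen address and build the warning
// a launcher could show before starting. Names here are hypothetical.
function parseIPv4(text) {
  const parts = text.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

function bindExposure(listen) {
  let host = String(listen).trim().toLowerCase();
  // Accept "host:port" (IPv4 or hostname) and "[v6]:port" forms.
  const bracketed = host.match(/^\[([^\]]+)\](?::\d+)?$/);
  if (bracketed) host = bracketed[1];
  else if ((host.match(/:/g) || []).length === 1) host = host.split(':')[0];

  const v4 = parseIPv4(host);
  // All of 127.0.0.0/8 is loopback; "localhost" is assumed to resolve there.
  // Only the short IPv6 forms "::1" and "::" are recognised; longer spellings
  // fall through to the last branch and are reported as exposed.
  if (host === 'localhost' || host === '::1' || (v4 && v4[0] === 127)) {
    return { exposed: false, scope: 'this computer only', warning: null };
  }
  if (host === '::' || (v4 && v4.every((o) => o === 0))) {
    return {
      exposed: true,
      scope: 'every network this computer joins',
      warning: 'This setting lets other computers on any network you connect to ' +
        '(home, office, coffee-shop Wi-Fi) reach this server and save files ' +
        'on this computer. Only continue if you understand and want that.',
    };
  }
  return {
    exposed: true,
    scope: 'the network behind ' + host,
    warning: 'This setting lets other computers that can reach ' + host +
      ' connect to this server and save files on this computer.',
  };
}

// Constructed sample values, including the two addresses discussed above.
for (const value of ['127.0.0.1', '127.0.0.1:8080', '0.0.0.0', '[::]:8080', '192.168.1.20']) {
  const result = bindExposure(value);
  console.log(value, '->', result.scope, result.warning ? '(WARN)' : '(ok)');
}
```
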

