On Friday, February 7, 2020 at 2:33:27 AM UTC-8, PMario wrote:

> The use case you describe allows everyone to impersonate every existing
> plugin. It will be easy to create an evil copy of a plugin and post it
> within a link.

No. Plugins have to be saved and reloaded to become active. This requires much more from a user than a single click.

> With this link you want to point to a 3rd party but "friendly" TiddlyWiki
> edition, that will in turn allow a naive user to download malware from a
> 4th party site.

Way too alarmist. If what you say is true, then there shouldn't even be a share site at all. In which case we shouldn't have the share plugin at all. There is, in fact, no use for the share plugin because there is nowhere that you could put a receiving site that couldn't be "hacked".

But in order to be hacked, a hacker first has to put a link on some other site, say site "A". And it has to be a popular site, if it is going to get much traffic. Well, if well-known site "A" has been hacked, the hacker isn't going to bounce it off a share site and THEN aim for a malware site. Especially not if it requires the user to save and reload a TW with a plugin. He's going to send site "A" directly to the malware site. He's already achieved his goal just by hacking site "A".

As for attribution ... who's doing this attribution? I would expect any competent security consultant to recognize the difference between an innocent bystander site and an actual malware site.

Thanks!

