On Thursday, April 22, 2021 at 1:46:16 PM UTC+2 [email protected] wrote:

> Why not? If you can add tiddler text to a txt file, any HTML code will not
> run. It is then much easier to call this plaintext back safely. Why is this
> just as insecure as a single file solution, then?
That's part of the "more complex" system I was referring to. If you want to have a different level of access, you'll need to create a real TW-syncer, where you can do whatever you want. ...

But this system is still vulnerable to e.g. social engineering <https://en.wikipedia.org/wiki/Social_engineering_(security)>.

I can give you 10 different txt files that contain JavaScript code. Every single one of them doesn't do anything special. Then I can give you a malicious plugin that isn't related to the text files ... e.g. a presentation plugin that will allow you to present tiddlers in a nice way. ... The next time you save your wiki, the text files are combined into a library module with full access to your wiki data.

So the problem here is that you should only use plugins that you really trust! BUT that's not a TW problem. That's a general security problem.

-mario

