*Status Update on my https project*

Hopefully I'm not wasting people's time with this post. 

Instead of spending the weekend making modifications to store.php (to 
support a more secure password file) and some behind the scenes 
re-configuring of the web server, I decided to have another look at 
Jeremy's suggestion of using WebDAV for saving.

My initial plan with the VM was to set up OwnCloud (and hosting my own 
tiddlywiki was incidental to that). I abandoned that plan because of the 
memory requirements of OwnCloud (I wasn't willing to pay for a VM with 
enough RAM). However, just implementing the WebDAV module of Lighttpd is a 
different story.

So, I spent a chunk of the weekend re-building my set-up to do that. It 
works pretty well. Unfortunately it leads to some security issues I'm not 
ready to deal with in a multi-user environment. There is no built-in way 
(that I found) to limit the files that could be uploaded (I found some ways 
to limit per-file size but not per-user size, file names, or file types). 
This opens up a problem where it is far too easy for a malicious user to 
host nasty things if they find it. It also added a lot of complexity in 
setting up individual repositories with the features I want. I may re-visit 
WebDAV in the future as I think these things are resolvable, just not in a 
weekend (at least not by me).

I did manage to swap out password management in store.php such that the 
back-end file now uses the same file format as Apache digest authentication 
(which is also used by Lighttpd). This doesn't involve changes to 
TiddlyWiki, so it is still transmitting the password in clear between the 
browser and the server. Only the back-end no longer stores passwords in 
clear text. Unfortunately, the WebDAV experiments left the web server all 
messed up and I didn't have time to clean things up to be usable.

I do think that long-term WebDAV is still the way I want to go. I just need 
to figure out how to introduce appropriate logic to better control and 
separate users.

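Added example, not part of the original post and not the author's store.php: one way a PHP script can check a submitted password against a file in the Apache htdigest format mentioned above, where each line is user:realm:MD5(user:realm:password). The function names, the realm "TiddlyWiki" and the sample credentials are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the store.php code from the post.
// htdigest line format: user:realm:MD5("user:realm:password") as 32 hex chars.

// Hypothetical helper: build one htdigest line for a user.
function htdigest_line(string $user, string $realm, string $password): string
{
    // ':' separates the fields, so it must not appear in user or realm.
    if (strpbrk($user . $realm, ":\r\n") !== false) {
        throw new InvalidArgumentException('user/realm must not contain ":" or newlines');
    }
    return $user . ':' . $realm . ':' . md5("$user:$realm:$password");
}

// Hypothetical helper: true only if user, realm and password match a line.
function htdigest_verify(string $file, string $user, string $realm, string $password): bool
{
    $candidate = md5("$user:$realm:$password");
    $lines = @file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return false; // unreadable file: fail closed
    }
    $ok = false;
    foreach ($lines as $line) {
        $parts = explode(':', $line, 3);
        if (count($parts) !== 3) {
            continue; // skip malformed lines instead of guessing
        }
        [$u, $r, $stored] = $parts;
        // hash_equals() compares in constant time, avoiding a timing side channel.
        if ($u === $user && $r === $realm && hash_equals(strtolower($stored), $candidate)) {
            $ok = true;
        }
    }
    return $ok;
}

// Constructed sample data: a temporary password file with one user.
$file = tempnam(sys_get_temp_dir(), 'htd');
file_put_contents($file, htdigest_line('alice', 'TiddlyWiki', 'correct horse') . "\n");
var_dump(htdigest_verify($file, 'alice', 'TiddlyWiki', 'correct horse'));
var_dump(htdigest_verify($file, 'alice', 'TiddlyWiki', 'wrong'));
var_dump(htdigest_verify($file, 'alice', 'OtherRealm', 'correct horse'));
unlink($file);
```

The stored value is an unsalted MD5 and is by itself enough to answer a digest-authentication challenge for that realm, so the file should stay outside the web root with restrictive permissions.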