Hi Lost Admin,
if I understood it right, the WebDAV protocol gives control of
user rights to the file system that is used to host the files.
On 20.03.2017 at 16:59, Lost Admin wrote:
*Status Update on my https project*
Hopefully I'm not wasting people's time with this post.
Instead of spending the weekend making modifications to store.php (to
support a more secure password file) and some behind the scenes
re-configuring of the web server, I decided to have another look at
Jeremy's suggestion of using WebDAV for saving.
My initial plan with the VM was to set-up OwnCloud (and hosting my own
tiddlywiki was incidental to that). I abandoned that plan because of
the memory requirements of OwnCloud (I wasn't willing to pay for a VM
with enough RAM). However, just implementing the WebDAV module of
Lighttpd is a different story.
So, I spent a chunk of the weekend re-building my set-up to do that.
It works pretty well. Unfortunately it leads to some security issues
I'm not ready to deal with in a multi-user environment. There is no
built-in way (that I found) to limit the files that could be uploaded
(I found some ways to limit per-file size but not per-user size, file
names, or file types). This opens up a problem where it is far too
easy for a malicious user to host nasty things if they find it. It
also added a lot of complexity in setting-up individual repositories
with the features I want. I may re-visit WebDAV in the future as I
think these things are resolvable, just not in a weekend (at least not
by me).
I did manage to swap out password management in store.php such that
the back-end file now uses the same file format as Apache digest
authentication (which is also used by Lighttpd). This doesn't involve
changes to TiddlyWiki, so it is still transmitting the password in
clear between the browser and the server. Only the back-end no longer
stores passwords in clear text. Unfortunately, the WebDAV experiments
left the web server all messed up and I didn't have time to clean
things up to be usable.
I do think that long-term WebDAV is still the way I want to go. I just
need to figure out how to introduce appropriate logic to better
control and separate users.
--
You received this message because you are subscribed to the Google
Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tiddlywiki/ed536378-0f4f-4120-b0d9-a69898907e33%40googlegroups.com
<https://groups.google.com/d/msgid/tiddlywiki/ed536378-0f4f-4120-b0d9-a69898907e33%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.