Thanks Mark! Very helpful information. Gonna bookmark this.

On Wed, Apr 26, 2017 at 10:06 AM, 'Mark S.' via TiddlyWiki <
[email protected]> wrote:

> Hi Dave,
>
> If you have your own server, you might be able to add SSL. SSL requires a
> certificate, which used to run $100 a year. Some hosts will let you use a
> shared one that works for everyone on the machine. Or you can generate your
> own uncertified one. An uncertified certificate will cause your browser to
> generate alarming messages but you just add them as a permanent exception
> to your browser and then you're good to go. An uncertified certificate will
> encrypt your traffic just as well as a certified one, it's just that your
> browser doesn't have a chain of trust back to the uncertified one.
>
> You mentioned that your WordPress account got hacked, and I notice that a
> lot of people are suggesting .htaccess as a security step for WP. In some
> systems you can add .htaccess straight from your account control panel. In
> others, you have to add a .htaccess file directly to the directory you want
> protected. The .htaccess file gives instructions to the server to not let
> anyone access files in a directory unless they have the right name and
> password. When you first attempt to browse a directory with this security
> on it a pop-up menu will ask for your name and password. After that (if
> memory serves) your name and password will be stored in cookies on your
> browser so you don't have to do it over and over again. .htaccess security
> is not invincible -- on some systems the actual password maximum is only 8
> characters. But if coupled with SSL, most hackers aren't going to take the
> time to brute force it. There are much easier places for them to plant their
> spam.
>
> HTH
> Mark
>
>
>
>
> On Wednesday, April 26, 2017 at 7:14:48 AM UTC-7, David Gifford wrote:
>>
>> Hi lost admin
>>
>> My concern is the one contained in
>> http://tiddlywiki.com/#Saving%20on%20TiddlySpot, since the store.php is
>> the same process as Tiddlyspot.
>>
>> Dave
>>
>> On Wed, Apr 26, 2017 at 9:08 AM, Lost Admin <[email protected]> wrote:
>>
>>> When you say the insecurity of the store.php approach worries you, what
>>> exactly are you worried about?
>>>
>>> I agree there are security issues with store.php but I have seen far
>>> worse issues in commercial applications.
>>>
>>> Personally, I was concerned that store.php uses cleartext passwords in
>>> its configuration file. So, I changed my copy to use a hash of the
>>> password (for the technical minded, I used the hash format for Apache
>>> Digest Authentication).
>>>
>>> Store.php has settings to override the tiddlywiki configured filename
>>> and backup directory, I used those to prevent someone from uploading
>>> arbitrary files.
>>>
>>> There is still an issue of brute force password guessing that I haven't
>>> decided how I want to resolve yet.
>>>
>>> On Monday, April 24, 2017 at 4:16:48 PM UTC-4, David Gifford wrote:
>>>>
>>>>
>>>> It does concern me, though, the level of insecurity of the store.php
>>>> approach. So I will still eventually experiment more with Noteself. But to
>>>> be honest I do need the ability to link between files and permalink to
>>>> share with others.
>>>> ...
>>>>
>>>> Dave
>>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "TiddlyWiki" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/tiddlywiki/OCUp73Bads0/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/tiddlywiki.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/tiddlywiki/15a32c0d-1bc9-4a0a-8dc4-1f0ba849f031%40googlegroups.com.
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> David Gifford
>> Christian Reformed World Missions, Mexico City
>>



-- 
David Gifford
Christian Reformed World Missions, Mexico City
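
The hashed-password change Lost Admin describes in the quoted message, sketched as an added example (this is not code from the thread or from store.php). The realm string, user name, function names and sample entry are assumptions made for illustration; the stored format is the Apache htdigest line `user:realm:MD5(user:realm:password)`.

```php
<?php
// Added example, not store.php's own code. REALM, the user name and the
// sample entry are constructed for illustration.

const REALM = 'TiddlyWiki upload';   // assumed realm string

// Build one htdigest-style line: user:realm:MD5(user:realm:password).
// This is what goes in the config file instead of the cleartext password.
function htdigest_line(string $user, string $realm, string $password): string
{
    return "$user:$realm:" . md5("$user:$realm:$password");
}

// Check a submitted password against stored htdigest-style lines.
function verify_upload_password(array $lines, string $user, string $realm, string $password): bool
{
    $candidate = md5("$user:$realm:$password");
    $ok = false;
    foreach ($lines as $line) {
        $parts = explode(':', trim($line), 3);
        if (count($parts) !== 3) {
            continue;                // skip malformed lines
        }
        [$u, $r, $ha1] = $parts;
        // hash_equals() compares in constant time, so response timing does
        // not reveal how many leading characters of the hash matched.
        if ($u === $user && $r === $realm && hash_equals(strtolower($ha1), $candidate)) {
            $ok = true;
        }
    }
    return $ok;
}

// Constructed sample entry; a real deployment would read the lines from a
// file kept outside the web root.
$stored = [htdigest_line('dave', REALM, 'correct horse battery staple')];

var_dump(verify_upload_password($stored, 'dave', REALM, 'correct horse battery staple'));
var_dump(verify_upload_password($stored, 'dave', REALM, 'guess123'));
```

The htdigest hash is unsalted MD5, so it keeps the cleartext out of the configuration file but is quick to guess offline if that file leaks. Where Digest compatibility is not needed, PHP's `password_hash()` and `password_verify()` give a salted, deliberately slow alternative.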
