Hi Tony

I’m working on some changes to TW5’s built-in server functionality, see the 
discussion here:

https://groups.google.com/d/topic/tiddlywikidev/pOg-aiGtsPo/discussion

Amongst the changes will be the ability to run a wiki that is read-only for 
anonymous users and requires a login for editing. Credentials are still passed 
using Basic Authentication, and passwords are stored in plain text on the 
server. However, it should be OK for internet hosting as long as you put it 
behind HTTPS.

So, pending the new features, it’s probably worth spending some time exploring 
whether and how you can set up HTTPS.

If the primitive authentication support offered by the built-in server isn’t 
robust enough, then you can use an authenticated proxy server with decent user 
management (such as IIS or Apache). This is another new feature: you can 
specify an HTTP header that TW5 looks at for the authenticated username, and 
then write that header within the proxy.

Best wishes

Jeremy



> On 27 Jun 2018, at 10:30, TonyM <[email protected]> wrote:
> 
> Hi all,
> 
> I have long dreamed of being able to host tiddlywiki on the internet with 
> node. I recently got this working on top of a WHM/cpanel wholesale host, and 
> am very excited, it performs well.
> 
> However this dream took no account of security. I now have a wiki online that 
> anyone can edit and presumably add as many tiddlers as they want, perhaps 
> even execute javascript as they wish.
> 
> I think I need to turn it off, but before I do can anyone suggest some 
> security options, I would like it to provide read only unless authorised or 
> inaccessible without a password.
> 
> Thanks
> Tony
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "TiddlyWiki" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/tiddlywiki.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/tiddlywiki/29eed46b-536b-41b4-bf89-3a69ec573c37%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/0B351D47-5D14-4264-BA73-5E606920A9DE%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to