Hi Scott,

So take everything I'm about to say with a giant grain of salt - a lot of 
this assumes that an attacker is *very* interested in your wiki!

If you were sitting in a café with your laptop connected to unencrypted 
WiFi and you were connecting to TiddlyWiki on your laptop from your phone, 
the contents of your wiki would be visible to anyone wanting to sniff 
traffic out of the air.  From a cursory look at the TiddlyWiki server code, 
it looks to me like TiddlyWiki uses basic authentication, which means one 
could easily derive your username and password from this traffic.  Without 
observing traffic an attacker would have a harder time, but I guess they 
could port scan to find open ports on your laptop and try to brute-force 
your username and password - assuming the network operator allows different 
WiFi clients to talk to each other.

Regarding port forwarding, you're in a similar situation - TiddlyWiki 
serves its traffic over HTTP, so anyone between the machine accessing your 
TiddlyWiki and your home router could sniff this traffic.

Packet sniffing is fairly easy to guard against (I'm not sure how technical 
of a background you have, so be warned - here be dragons!) - you could use 
an HTTPS reverse proxy like nginx with Let's Encrypt to provide a 
certificate to encrypt the traffic between your laptop or router and your 
Android/iOS device.

To protect against brute forcing, you would probably want some mechanism to 
deny a user after a certain number of incorrect tries, like fail2ban.

-Rob

On Wednesday, August 29, 2018 at 5:25:11 PM UTC-5, Scott Kingery wrote:
>
> After some poking around this forum I've been starting my tiddlywiki on my 
> LAN with:
> tiddlywiki .\mytiddlywiki --server 12864 $:/core/save/lazy-images 
> text/plain text/html "myusername" "*MYsecretPassword" 0.0.0.0
>
> It's cool because I can get to my wiki from anywhere on the LAN, and it 
> works nicely on Android and iOS because I can browse to the wiki without 
> much other hassle.
>
> Not too worried about security because the only one who knows about it is 
> me. I am wondering how secure this is if it were on a larger LAN than my 
> house?  Or maybe some port forwarding to get to my server from outside my 
> LAN.
>
> Thanks,
> Scott
>
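Rob's point about basic authentication above, as an added example (this is 
not from the original post or from TiddlyWiki's own code): a short Python 
script that pulls the username and password out of a single captured 
cleartext request. The request bytes are constructed here, with a made-up 
LAN address and User-Agent; the credentials encoded in the Authorization 
header are the ones from Scott's command line. It also handles the two 
things a quick one-liner usually gets wrong: a password that itself 
contains a colon, and a header that is not Basic at all.

```python
import base64
import binascii

# A cleartext HTTP request as a phone would send it to the TiddlyWiki server
# over open WiFi. Constructed for this example: the LAN address and
# User-Agent are made up; the Basic token encodes "myusername:*MYsecretPassword".
CAPTURED_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: 192.168.1.20:12864\r\n"
    b"User-Agent: Mozilla/5.0 (Linux; Android 8.0)\r\n"
    b"Authorization: Basic bXl1c2VybmFtZToqTVlzZWNyZXRQYXNzd29yZA==\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)


def parse_headers(raw_request: bytes) -> dict:
    """Split an HTTP/1.1 request head into a dict keyed by lowercase header name."""
    head, _, _body = raw_request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the request line (method, path, version)
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def extract_basic_credentials(raw_request: bytes):
    """Return (username, password) from a Basic Authorization header, or None.

    None is returned when there is no Authorization header, when the scheme
    is something other than Basic (e.g. Bearer), or when the token is not
    valid base64 of "user:password".
    """
    auth = parse_headers(raw_request).get("authorization")
    if auth is None:
        return None
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    # RFC 7617: the user-id cannot contain ':' but the password can, so split
    # only on the first colon.
    user, sep, password = decoded.decode("utf-8", errors="replace").partition(":")
    if not sep:
        return None
    return user, password


if __name__ == "__main__":
    creds = extract_basic_credentials(CAPTURED_REQUEST)
    print("recovered credentials:", creds)
```

The script is the whole "attack": no cracking, just one base64 decode of a 
header that is sent with every request. Anything that can see the packets 
(tcpdump on the same open WiFi, a Wireshark follow-stream, a box between 
your router and the phone when port forwarding) gets the same result.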

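The nginx reverse proxy Rob suggests, written out as an added example (not 
from the original post and not a TiddlyWiki-provided config). Assumptions: 
the hostname wiki.example.com, certbot's default certificate paths, an 
htpasswd file at /etc/nginx/.htpasswd created with `htpasswd -c 
/etc/nginx/.htpasswd myusername`, and TiddlyWiki started with Scott's 
command but with the host argument changed from 0.0.0.0 to 127.0.0.1 so 
the plain-HTTP listener on port 12864 is reachable only from the proxy on 
the same machine. nginx checks the password here; it still forwards the 
Authorization header to TiddlyWiki, so keeping the same username and 
password on the TiddlyWiki command line continues to work.

```nginx
# /etc/nginx/conf.d/tiddlywiki.conf (example; change the domain and paths)

# Plain HTTP: answer the Let's Encrypt HTTP-01 challenge, redirect all else.
server {
    listen 80;
    server_name wiki.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name wiki.example.com;

    # Paths certbot writes by default for this domain.
    ssl_certificate     /etc/letsencrypt/live/wiki.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wiki.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Credentials are checked by nginx; failures go to the nginx error log,
    # which is what fail2ban's stock nginx-http-auth filter reads.
    auth_basic           "TiddlyWiki";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:12864;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
    }
}
```

Issue the certificate with `certbot certonly --webroot -w 
/var/www/letsencrypt -d wiki.example.com` before enabling the 443 block; 
that needs a public hostname and port 80 forwarded from the internet, so on 
a purely private LAN you would use a DNS-01 challenge or a certificate from 
your own private CA instead. With the password check done by nginx, Rob's 
second point is covered by fail2ban's stock jail: set `enabled = true` 
under `[nginx-http-auth]` in /etc/fail2ban/jail.local and repeated 
password mismatches in the nginx error log get the source IP banned.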
-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/b6d80db9-1904-4190-b16c-418b7842b033%40googlegroups.com.