If this conflates things, then you're right not to implement it. Just checking readOnly, however, might not be the securest thing as that might be in spoof-mode thanks to some bookmarklet. On the other hand, maliciously hijacking getUserInfo() to have it return whatever one wants doesn't seem much harder ...although of course, that - hopefully - doesn't grant any server privileges.

So, to sum things up again ...if one desires a 'secure plugin' it needs to run as a private tiddler, possibly requiring ways of attaching related private information to some private tiddler which relates to the public one. As already described a few posts above...

http://groups.google.com/group/tiddlywikidev/msg/26b140d7da9b5726

...a simple way to establish such a relation between a public and a private tiddler might be achieved by interlinking them via some unique identifier stored in corresponding fields. I have created a "Talk" in my TiddlySpace...

http://tobibeer.tiddlyspace.com/#%5B%5BOn%20public%20and%20private%20siblings%5D%5D

...with a modified version of store.getTiddler that would allow basic support for looking up a corresponding sibling. Feedback is welcome, either here or over there. Let me know if I should @notify someone else too (or do that yourself).

Eventually, this seems a better approach as compared to using some global privateConfig tiddlers for plugins that wish to read/write some private information related to public tiddlers ...which as well required the mentioned id lookup mechanism to be really secure.

Cheers, Tobias.
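
Added example, not part of the original post and not TiddlyWiki or TiddlySpace code: one way the sibling lookup described above could work, resolving a public tiddler to its private counterpart through a shared identifier field. The in-memory store, the `sibling.id` field name and the `demo_public` / `demo_private` bag names are assumptions made for illustration.

```javascript
// Assumed field holding the shared identifier (hypothetical name).
const SIBLING_FIELD = "sibling.id";

// Constructed stand-in for a tiddler store; only the two calls used below.
function makeStore(tiddlers) {
  return {
    getTiddler: (title) => tiddlers.find((t) => t.title === title) || null,
    forEachTiddler: (fn) => tiddlers.forEach((t) => fn(t.title, t)),
  };
}

// Return the private sibling of the tiddler called `title`, or null.
// A candidate counts only if it carries the same identifier AND comes from
// the expected private bag, so a public tiddler that copies the identifier
// is never returned as the "private" side.
function getPrivateSibling(store, title, privateBag) {
  const pub = store.getTiddler(title);
  if (!pub || !pub.fields) return null;
  const id = pub.fields[SIBLING_FIELD];
  if (typeof id !== "string" || id === "") return null;

  const matches = [];
  store.forEachTiddler((_, t) => {
    if (t === pub || !t.fields) return;
    if (t.fields[SIBLING_FIELD] === id && t.fields["server.bag"] === privateBag) {
      matches.push(t);
    }
  });
  // Refuse ambiguous results instead of picking one arbitrarily.
  return matches.length === 1 ? matches[0] : null;
}

// Constructed sample data.
const demoStore = makeStore([
  { title: "MyPlugin", fields: { "server.bag": "demo_public", "sibling.id": "a1" } },
  { title: "MyPlugin.private", fields: { "server.bag": "demo_private", "sibling.id": "a1" } },
  { title: "Copycat", fields: { "server.bag": "demo_public", "sibling.id": "a1" } },
  { title: "NoId", fields: { "server.bag": "demo_public" } },
  { title: "Dup", fields: { "server.bag": "demo_public", "sibling.id": "b2" } },
  { title: "Dup.one", fields: { "server.bag": "demo_private", "sibling.id": "b2" } },
  { title: "Dup.two", fields: { "server.bag": "demo_private", "sibling.id": "b2" } },
]);
```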
