Hi Tobias,

I'm the developer and maintainer of TiddlyFox - help always gratefully received, I don't get much chance to work on it.

I decided against making TiddlyFox a general purpose trapdoor for executing privileged operations because that plugin already exists:

https://github.com/brettz9/asyouwish/

TiddlyFox is focussed on supporting self-modifying HTML files. The smaller scope makes it somewhat less of a security risk.

It certainly could do more, but if I had the bandwidth to work more on TiddlyFox there's a bunch of higher priority stuff: a better, non-modal UI for asking for permission, a UI for inspecting and revoking privileges, TiddlySnip, and backup management.

Best wishes

Jeremy

On Fri, Nov 8, 2013 at 11:15 AM, Tobias Beer <[email protected]> wrote:

> Whoever maintains TiddlyFox (who is it?),
>
> Theoretically speaking, how far-fetched would it be to have TiddlyFox
> provide a read+write API allowing TiddlyWiki (i.e. its javascript
> framework) to access the local filesystem? ...so as to be able to:
>
> - manage backups (LessBackupsPlugin style)
> - update lock files
> - create rss feeds
> - make a plethora of TiddlyTools plugins work again, e.g.
>   ImportTiddlersPlugin, AttachFilePlugin, ShowLocalDirectory, etc...
> - export TiddlyWiki contents to files
> - read external files or folder structures that are to be documented
>   within TiddlyWiki
> - etc...
>
> It seems to me there is a high demand for local filesystem access, most
> definitely with respect to reading files and folder structures but also for
> writing well-defined files to well-defined locations.
>
> As for security concerns, I would not mind creating some *TiddlyFox.ini* or
> the likes (in case a configuration UI requires too much work) where one can
> specify the folders for which TiddlyFox is allowed read or write access or
> both, the default being r+w access only to the location where a TiddlyWiki
> resides.
>
> Personally, I would even skip the entire security debate until the moment
> some nasty idiot actually tries to exploit TiddlyFox via TiddlyWiki to
> wreak havoc in a local filesystem. I mean, how utopian is this scenario? As
> far as I'm concerned: entirely!
>
> So, I would personally deem it safe (on my machine) for TiddlyFox to
> provide local file-io for TiddlyWiki not only with respect to the folder in
> which a TiddlyWiki resides (and any subfolders) but actually also for my
> documents folder / partition. If there would ever be a plugin with the
> potential to endanger huge chunks of my local filesystem I'd be sure not to
> use it, simple. I mean, I am not installing viruses either.
>
> Tobias.

--
Jeremy Ruston
mailto:[email protected]
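
The per-folder read/write allow-list proposed in the quoted message (defaulting to r+w only where the TiddlyWiki resides), sketched as an added example that is not TiddlyFox code and not part of the thread. The policy shape, function names and sample paths are assumptions; it handles POSIX-style absolute paths only and does not resolve symlinks.

```javascript
// Added example: hypothetical policy check, not TiddlyFox code.
// Assumes POSIX-style absolute paths; symlinks are not resolved here.

// Collapse "." and ".." segments; returns null if the path is not absolute,
// contains a NUL byte, or tries to climb above the root.
function normalize(p) {
  if (typeof p !== "string" || !p.startsWith("/") || p.includes("\0")) return null;
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return "/" + out.join("/");
}

// policy: [{ dir: "/abs/folder", access: "r" | "w" | "rw" }, ...] (constructed shape)
// mode: "r" or "w". Default deny: no matching rule means no access.
function isAllowed(policy, requestedPath, mode) {
  const target = normalize(requestedPath);
  if (target === null || (mode !== "r" && mode !== "w")) return false;
  return policy.some((rule) => {
    const dir = normalize(rule.dir);
    if (dir === null) return false;
    // Match the folder itself or a path below it; the trailing "/" stops
    // "/home/u/wiki" from also matching "/home/u/wiki-other".
    const prefix = dir === "/" ? "/" : dir + "/";
    const inside = target === dir || target.startsWith(prefix);
    return inside && rule.access.includes(mode);
  });
}

// Default from the proposal: r+w only where the TiddlyWiki file resides.
function defaultPolicy(wikiFilePath) {
  const norm = normalize(wikiFilePath);
  if (norm === null) return [];
  const dir = norm.slice(0, norm.lastIndexOf("/")) || "/";
  return [{ dir, access: "rw" }];
}

// Constructed sample: the wiki's folder plus a read-only documents folder.
const samplePolicy = defaultPolicy("/home/u/wiki/notes.html")
  .concat([{ dir: "/home/u/docs", access: "r" }]);
```

The check is made on the normalized path, so a request such as `/home/u/wiki/../.ssh/config` is judged by where it actually lands rather than by its prefix.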
