I am currently playing with "real-time multiplayer" capabilities for TW5, so this is an interesting security vulnerability to be aware of.
My primary concern was "what if a malicious user connected a MIS-IDENTIFIED wiki to a real-time server. It has a bunch of malicious tiddlers, and it DOES NOT have a bunch of tiddlers that exist in the server copy." The real-time sync, once authenticated and authorized, would just absolutely wreck the server-copy of the wiki in this instance.

Similarly, being able to somehow sync malicious JavaScript code, hidden in a data-uri to the server, which will sync it to all connected users is a concern...

Best,
Joshua Fontany

On Tuesday, August 17, 2021 at 10:12:13 AM UTC-7 TiddlyTweeter wrote:

> Mark S. wrote:
>
>> That was one of the concerns with TWederation. You could import from
>> someone you trusted who imported from someone they trusted who ... actually
>> couldn't be trusted. It's kind of a hard problem.
>
> *Right!* It IS an interesting issue. But *maybe as much an
> anthropological issue as a technical one.*
> Suddenly tech switches into *"HOW CAN I TRUST?"* mode.
> Despite the fact most everyone, well everyone, here (you, reading this) is
> completely trustworthy.
> I think it's a basic sociological fact that much of the internet is NOW
> premised on the idea you can't trust anyone.
> It has led to a kind of "authentication gymnastics" that makes doing some
> things very convoluted.
>
> Just rambles
> TT
>
>> On Tuesday, August 17, 2021 at 8:13:42 AM UTC-7 [email protected] wrote:
>>
>>>> I'd be more concerned about people being tricked into importing a
>>>> tiddler that contained code like this.
>>>
>>> From my perspective this is the only practical concern, and once again
>>> emphasizes the need to be careful when importing content from others.