Hi Dave,

If you have your own server, you might be able to add SSL. SSL requires a 
certificate, which used to run $100 a year. Some hosts will let you use a 
shared one that works for everyone on the machine. Or you can generate your 
own uncertified one. An uncertified certificate will cause your browser to 
generate alarming messages but you just add them as a permanent exception 
to your browser and then you're good to go. An uncertified certificate will 
encrypt your traffic just as well as a certified one; it's just that your 
browser doesn't have a chain of trust back to the uncertified one.

You mentioned that your WordPress account got hacked, and I notice that a 
lot of people are suggesting .htaccess as a security step for WP.  In some 
systems you can add .htaccess straight from your account control panel. In 
others, you have to add a .htaccess file directly to the directory you want 
protected. The .htaccess file gives instructions to the server to not let 
anyone access files in a directory unless they have the right name and 
password. When you first attempt to browse a directory with this security 
on it, a pop-up menu will ask for your name and password. After that (if 
memory serves) your name and password will be stored in cookies on your 
browser so you don't have to do it over and over again. .htaccess security 
is not invincible -- on some systems the actual password maximum is only 8 
characters. But if coupled with SSL, most hackers aren't going to take the 
time to brute force it. There are much easier places for them to plant their 
spam.

HTH
Mark




On Wednesday, April 26, 2017 at 7:14:48 AM UTC-7, David Gifford wrote:
>
> Hi lost admin
>
> My concern is the one contained in 
> http://tiddlywiki.com/#Saving%20on%20TiddlySpot, since the store.php is 
> the same process as Tiddlyspot.
>
> Dave
>
> On Wed, Apr 26, 2017 at 9:08 AM, Lost Admin <thelos...@gmail.com> wrote:
>
>> When you say the insecurity of the store.php approach worries you, what 
>> exactly are you worried about?
>>
>> I agree there are security issues with store.php but I have seen far 
>> worse issues in commercial applications.
>>
>> Personally, I was concerned that store.php uses cleartext passwords in 
>> its configuration file. So, I changed my copy to use a hash of the 
>> password (for the technical minded, I used the hash format for Apache 
>> Digest Authentication).
>>
>> Store.php has settings to override the tiddlywiki configured filename and 
>> backup directory; I used those to prevent someone from uploading arbitrary 
>> files.
>>
>> There is still an issue of brute force password guessing that I haven't 
>> decided how I want to resolve yet.
>>
>> On Monday, April 24, 2017 at 4:16:48 PM UTC-4, David Gifford wrote:
>>>
>>>
>>> It does concern me, though, the level of insecurity of the store.php 
>>> approach. So I will still eventually experiment more with Noteself. But to 
>>> be honest I do need the ability to link between files and permalink to 
>>> share with others.
>>> ... 
>>>
>> Dave
>>>
>
>
>
> -- 
> David Gifford
> Christian Reformed World Missions, Mexico City
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/a3f22134-533b-4254-b607-64eb08201c9c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
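
The change Lost Admin describes in the quoted message (keeping a hash in Apache digest format in the configuration instead of the cleartext password), together with one possible way to limit the password guessing he leaves open, as an added PHP example. This is not store.php's code or his; the realm, thresholds, function names, client address and sample entry are all assumptions.

```php
<?php
// Added example; not store.php's own code. All names and values are constructed.
const REALM = 'TiddlyWiki';        // assumed realm string
const MAX_FAILURES = 5;            // assumed lockout threshold
const WINDOW_SECONDS = 300;        // assumed counting window

// Parse htdigest-style lines "user:realm:MD5(user:realm:password)".
function load_entries(array $lines): array {
    $table = [];
    foreach ($lines as $line) {
        $parts = explode(':', trim($line), 3);
        if (count($parts) === 3 && preg_match('/^[0-9a-f]{32}$/i', $parts[2])) {
            $table[$parts[0] . ':' . $parts[1]] = strtolower($parts[2]);
        }
    }
    return $table;
}

// Recompute the hash from the submitted password and compare in constant time.
function verify_password(array $table, string $user, string $password): bool {
    $key = $user . ':' . REALM;
    $candidate = md5($key . ':' . $password);
    // Unknown users are compared against a dummy value so both paths do the same work.
    $stored = $table[$key] ?? str_repeat('0', 32);
    return hash_equals($stored, $candidate) && isset($table[$key]);
}

// Refuse further attempts from a client that failed too often inside the window.
function is_locked_out(array $failures, string $client, int $now): bool {
    $recent = array_filter($failures[$client] ?? [], fn($t) => $now - $t < WINDOW_SECONDS);
    return count($recent) >= MAX_FAILURES;
}

// Constructed config entry: only the hash is stored, never the cleartext password.
$table = load_entries(['dave:' . REALM . ':' . md5('dave:' . REALM . ':example-passphrase')]);
$failures = [];
$client = '203.0.113.7';           // documentation-range address
$now = 1000000;                    // fixed clock for a repeatable run

foreach (['guess1', 'guess2', 'guess3', 'guess4', 'guess5', 'example-passphrase'] as $i => $pw) {
    if (is_locked_out($failures, $client, $now + $i)) {
        echo "attempt $i: locked out\n";
        continue;
    }
    $ok = verify_password($table, 'dave', $pw);
    if (!$ok) { $failures[$client][] = $now + $i; }
    echo "attempt $i: " . ($ok ? 'accepted' : 'rejected') . "\n";
}
```

The digest format is an unsalted MD5, so the configuration file still needs to be unreadable from the web. On a real server the failure counts would have to be kept in a file or database between requests rather than in a variable.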
