While responding here I was thinking a little further about general security of tiddlywiki, and although not a full time security analyst, white or black hat coder, I may have found one way to install malicious code.
Perhaps we should create an invitation only category in talk.tiddlywiki, and proactively research how to hack tiddlywiki, with a view to discovering and defeating malicious hacking?
- How can we decide who to include in such a group?
Please note, before one dismisses this as it is not possible to hack TiddlyWiki, I am talking about an open, creative exploration to validate this assumption. I will not share publicaly, but I already have some ideas.
- I am aware of a number of possible attack vectors we need to consider.
Security continues to be a serious threat to internet and software of any kind. There are at least two concerns we need to address, people accessing our wikis and people using tiddlywiki as part of a scam, the former being a risk to TiddlyWikis reputation.
If you recognise the risk, consider replying with a message, we can have a private conversation with two or more in the message system