ziddlywiki users, private tiddlers question
veek
I was trying out ziddlywiki and I'd really like to be able to have
private tiddlers.
In the ziddlywiki documentation there is a warning about private
tiddlers:
"Now you can mark certain tiddlers as "private", causing them to only
appear if you're logged in. To do so, add the "private" tag to your
tiddler.
Warning: Crafty people who know the name of your private tiddler can
get to its content by going to the right URL. You probably shouldn't be
putting your credit card number in a tiddler anyway."
My question is does this warning still apply?
I tried accessing a private tiddler using a direct URL (via permalink)
while logged out and the tiddler title loads, but the content is
missing.
does that mean the problem is solved or is there some other way for
unauthorized people to view the content of private tiddlers?
veek
Bob McElrath
modifications:
* If chkHttpReadOnly, do not attempt to unlock tiddlers on 'view'
* Fix escaping to match the core. (WRT HTML entities ", <,
>, &, <, >) WARNING -- this will require you to convert your
tiddlers in Zope. A new script is provided for this:
ZiddlyWiki/upgrade. Copy it to the location of your 'tiddlers' folder
and run it like http://your.site/TiddlySite/upgrade. Do this only
ONCE for each tiddlywiki site you're running, then delete the upgrade
script.
* When a tiddler tagged with 'private' is saved, the Zope permissions
will be set to make it not accessable through
http://your.site/TiddlySite/tiddlers/<private tiddler> The above
upgrade script will also add these permissions to any existing private
tiddlers.
* A few changes to empty.html to avoid extraneous redraws of buttons in
firefox. (reported here a few days ago)
Before doing the upgrade, BACKUP YOUR DATA!!!! I don't guarantee it
won't horribly clobber your site.
This upgrade may be of interest to people wanting to migrate to another
server-side. Because of this escaping problem, the tiddlers as stored
in the Zope database were not identical to what you see when you edit in
the tiddlywiki. (After the upgrade, they ARE) So, copying your
tiddlers directly from your ZiddlyWiki to files may not work without
this upgrade. Again this only affects tiddlers containing HTML
entities, and <>. (But, everyone probably has a tiddler containing a
<<macro>> so this probably affects everyone)
You can get this here:
http://bob.mcelrath.org/ZiddlyWiki-2.0.11.1.zexp
Tim Morgan's (original ZiddlyWiki author) site seems to be down
completely now...
veek [mov...@verizon.net] wrote:
>
> You can disregard this message, I'm using coolcold's ccTiddly now :)
How many people are still using Ziddly? Is there interest in
maintaining it?
Permalink won't work (because the tiddler isn't in the delivered html
file), access the private tiddlers via a direct link to your tiddlers
folder:
http://site.name/TiddlySite/tiddlers/<private>
where you would normally access your site via
http://site.name/tiddlySite and <private> is the name of the private
tiddler.
I've modified ZiddlyWiki to remove the 'View' permission on private
tiddlers, so the above "crafty hack" doesn't work.
--
Cheers,
Bob McElrath [Univ. of California at Davis, Department of Physics]
Only after you've tried to figure something out for yourself and
failed are you ready to absorb "the answer."