On Tuesday, May 3, 2016 at 4:55:00 AM UTC+2, Stephen Kimmel wrote:
I found 7 statements in this post and I will try to respond to them by describing the mechanisms that are used to create the TW functionality, so your security ops can form their own picture.
Some general remarks.
Open Source:
------------
Almost everything, if not everything in the TiddlyWiki ecosystem is open source. So the source code is publicly available and reviewable by everyone.
TiddlyWiki [1], TiddlyFox [2], TiddlyIE [3] links are at the end of the post.
Single Page App (SPA)
---------------
TiddlyWiki is a SPA. Once it is loaded from e.g. http://tiddlywiki.com you can disconnect your computer and TW will be fully functional.
TiddlyWiki doesn't need any server backend to be functional and it doesn't send any info to any server, unless the user wants this behaviour (plugins).
tiddlywiki.com contains the TW Google Analytics (ga) plugin, to get minimal statistics, but if you download TiddlyWiki, this code is deactivated or not included at all. So empty.html doesn't include any plugins.
Only if you download "full wiki" do you get everything as requested, but ga is inactive. It only works with tiddlywiki.com; otherwise everyone would be able to spam the statistics.
----------------
1) "How secure is our corporate data?"
TiddlyWiki is a pure HTML file. So you can open it with any text editor, if you need to.
If you talk about "access rights", the same rules apply that are valid for every other file type. As mentioned above, HTML is pure text and the file format is standardized.
In a "discoverability" sense of the question, it is as secure as, or even more secure than, proprietary file formats used in many companies. Just try to open a 10 year old Word file. Opening a 10 year old TW file is no problem. It should work with every standard browser and it definitely works with every standard text editor.
The TiddlyWiki core contains an open source encryption library [4] that lets you encrypt the internal tiddler store. The mechanism used is AES256, which is considered secure at the time of writing. There is an ongoing discussion about whether browsers are a good environment for encryption. But that's a different topic.
2) "How do you know it isn't transmitting data outside the company?"
As written in the intro: TiddlyWiki is open source.
As you mentioned in 5), browser vendors block transmissions that they consider potentially insecure. The actions that are blocked differ a little bit between different browsers.
One of these measures prevents a TiddlyWiki that was started from a file:// URI from uploading itself to an http:// URI, e.g. tiddlyspot.
So for "save from file:// URI to http:// URI" we can say: the latest browsers prevent this mechanism. If you need this behaviour now, you need to install a proxy server.
3) "How do you know it won't damage the data on our network?"
That's very similar to 2).
There are 2 mechanisms that are used to save a TW.
a) We call the first mechanism the "fallback mechanism", because it works on every browser.
TW uses the built-in browser download mechanism, which creates a new file with every download.
This mechanism is the same one that you use to download any other file from the net. So the restrictions are defined by your browser settings. (e.g. most browsers use the user "Downloads" folder as the default save position)
b) To enable TW to overwrite itself [5] on the file system, we need browser plugins: TiddlyFox [2] for Firefox and TiddlyIE [3] for Internet Explorer. Chrome, Safari and some other browsers only support possibility a).
Both TiddlyFox and TiddlyIE are open source!
With the latest Firefox browser, extensions are only allowed to be executed if they are signed by Mozilla. TiddlyFox is a signed extension [6].
4) My first reaction is to discount this as paranoia but I don't know the inner workings of TiddlyWiki well enough to know it isn't doing those things and I'm not sure anyone but Jeremy (and perhaps Eric) do know.
Hopefully some others know too ;)
5) Still Firefox and most modern browsers have gone out of their way to prevent applications like TiddlyWiki from working.
Yes. See 2) and 3)
There are several other browser security measures that should prevent any website from having unwanted effects. All these mechanisms are also active with TW.
6) On a separate but related note, one of the math routines developed for TiddlyWiki used a separate math package to avoid using the "dangerous" javascript eval function.
As Eric pointed out, the TiddlyWiki wikitext parser contains some "sanitation" functions that filter potentially dangerous HTML code from "copy / pasted" tiddler content, e.g. script tags. ...
So the most important factor here is the user. We have to say: "Only use content that you trust!".
So if you dynamically want to include external libraries you can do so. Every website can do so! ... But with TW you are the owner. So you explicitly have to activate the behaviour.
7) Could some malicious bastard create a plugin that could actually damage our computers or our data outside the Wiki?
If s/he manages to break out of the browser sandbox. ... But this is true for every other website you visit!
The advantage here is: the browser vendors do their best to prevent harm from any user. So that's why, if you use the latest stable browsers, you should be relatively safe!
Speaking for TW plugins: you (the owner) need to install them and tiddlywiki.html is "just a webpage". So it inherits all the restrictions valid for every web page.
hope that helps
have fun!
mario
[1] https://github.com/Jermolene/TiddlyWiki5
[2] https://github.com/TiddlyWiki/TiddlyFox
[3] https://github.com/davidjade/TiddlyIE
[4] http://tiddlywiki.com/#Encryption
[5] http://tiddlywiki.com/#GettingStarted
[6] https://addons.mozilla.org/en-US/firefox/addon/tiddlyfox/
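
Added example, not part of the original post or of TiddlyWiki's own code: since the wiki is a single plain-text HTML file, a reviewer can statically check it for resources loaded from other hosts, for network-capable API names, and for whether the store is encrypted. The function name, the sample documents and the host `stats.example.net` are constructed, and the `encryptedStoreArea` element id is an assumption about the TiddlyWiki5 file layout that should be confirmed against the file being audited.

```javascript
// Static audit of a single-file wiki (run with Node.js). Constructed example.
// API names whose presence means "read the surrounding code", not "data is sent".
const NETWORK_APIS = ["XMLHttpRequest", "fetch(", "sendBeacon", "WebSocket", "EventSource"];

// Tags/attributes that make the browser contact a URL while loading or submitting.
const LOADING_ATTR =
  /<(script|img|iframe|link|form)\b[^>]*?\b(src|href|action)\s*=\s*["']([^"']+)["']/gi;

function auditWikiHtml(html, allowedHosts = []) {
  const external = [];
  for (const [, tag, attr, value] of html.matchAll(LOADING_ATTR)) {
    // Only absolute and protocol-relative (//host/path) URLs leave the file.
    if (!/^(https?:)?\/\//i.test(value)) continue;
    const host = new URL(value, "https://placeholder.invalid").hostname;
    if (!allowedHosts.includes(host)) {
      external.push({ tag: tag.toLowerCase(), attr: attr.toLowerCase(), host });
    }
  }
  const apis = NETWORK_APIS.filter((name) => html.includes(name));
  // Assumption: an encrypted store is kept in <pre id="encryptedStoreArea">.
  const encrypted = /<pre\b[^>]*\bid\s*=\s*["']encryptedStoreArea["']/i.test(html);
  return { external, apis, encrypted };
}

// Constructed sample: a self-contained wiki with no outbound references.
const OFFLINE_SAMPLE = `<html><head><script>var x = 1;</script></head>
<body><div id="storeArea"><div title="Hello">text</div></div></body></html>`;

// Constructed sample: loads a statistics script from another host.
const ONLINE_SAMPLE = `<html><head><script src="//stats.example.net/ga.js"></script></head>
<body><pre id="encryptedStoreArea">{"ct":"constructed"}</pre>
<script>navigator.sendBeacon("/x", "y")</script></body></html>`;

console.log(JSON.stringify(auditWikiHtml(OFFLINE_SAMPLE)));
console.log(JSON.stringify(auditWikiHtml(ONLINE_SAMPLE)));
```

A hit in `apis` only points the reviewer at code to read; installed plugins live inside the tiddler store as text, so the store itself has to be reviewed (or decrypted first) as well.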