Safe mode issues and Mechanism


TonyM

May 14, 2019, 8:22:22 PM5/14/19
to tiddly...@googlegroups.com
Hi folks

I would like a little more information on Safe mode issues and its Mechanism.

I would be keen to extend the documentation at https://tiddlywiki.com/#SafeMode a little with what I learn here.

First some basic Questions
  • Once accessing safe mode how do we reverse it?
    • Simply reloading without #:safe is not enough
  • Perhaps we need a button that does a safe mode reversal?
  • Or could we use #:safeoff to reset changes caused by #:safe mode
The mechanism to invoke safe mode uses "#:safe"  on the URI, is it possible for us to leverage this to encode other ways to load a wiki?
  • Could we define other "#:name" entry points?
    • I am aware of the value of #tiddlername and "?value" or "?keyword=value" combinations
  • A little help to parse "keyword=value" pairs in the core would be helpful eg
    • A variable <<keyword>> gets the "value"
  • Is there a way for me to determine in wikitext if we are in safe mode?

Thanks in advance
Tony

TonyM

May 14, 2019, 8:25:09 PM5/14/19
to TiddlyWikiDev
Minor update to original post
Tony 

PMario

May 15, 2019, 6:21:45 AM5/15/19
to TiddlyWikiDev
On Wednesday, May 15, 2019 at 2:22:22 AM UTC+2, TonyM wrote:

First some basic Questions
  • Once accessing safe mode how do we reverse it?
    • Simply reloading without #:safe is not enough
If you load https://tiddlywiki.com/#:safe ... It will be automatically deactivated if you do a browser page reload.

-m

PMario

May 15, 2019, 6:30:33 AM5/15/19
to TiddlyWikiDev
On Wednesday, May 15, 2019 at 2:22:22 AM UTC+2, TonyM wrote:
...
The mechanism to invoke safe mode uses "#:safe"  on the URI, is it possible for us to leverage this to encode other ways to load a wiki?
  • Could we define other "#:name" entry points?
    • I am aware of the value of #tiddlername and "?value" or "?keyword=value" combinations
You'd like to go for search results?

eg: https://tiddlywiki.com/#:[search:title,caption:literal,casesensitive[Hello]] will open all tiddlers where it finds "Hello" in the title.

-------------------

If you want to have a possibility to change tiddler content, that will be a security risk.

have fun!
mario

PMario

May 15, 2019, 6:31:36 AM5/15/19
to TiddlyWikiDev

TonyM

May 15, 2019, 8:17:17 PM5/15/19
to TiddlyWikiDev
Mario,

Consecutive reloads, browser restarts, and an alternative browser (Chrome) without the safe mode trigger still open the tiddler

TiddlyWiki Safe Mode

In the Sidebar "Recent" tab I see a number of SAFE: tiddlers.

I thought it would do as you say and it did once or twice but not now.

I stopped a plugin that was causing a javascript error that led me to safe mode, but no change

The latest Firefox browser is my default.

Regards
Tony

TonyM

May 15, 2019, 8:41:18 PM5/15/19
to TiddlyWikiDev
Mario,

Thanks for the search format, I now recall that from before. 
https://tiddlywiki.com/#PermaLinks does help a lot, thanks.
I was calling the "?" part the search because that is the info field in which it is returned, as per the documentation:
$:/info/url/search Search portion of URL of wiki (eg, )

I am still stuck in safemode as per recent post

I am still keen to resolve for following but perhaps I need to start a new thread?
The mechanism to invoke safe mode uses "#:safe"  on the URI, is it possible for us to leverage this to encode other ways to load a wiki?
  • Could we define other "#:name" entry points?
    • I am aware of the value of #tiddlername and "?value" or "?keyword=value" combinations
  • A little help to parse "keyword=value" pairs in the core would be helpful eg
    • A variable <<keyword>> gets the "value"
  • Is there a way for me to determine in wikitext if we are in safe mode?

On the security issue, I am aware that people can harvest info from a visible URI and I will take this into account, however the power of passing info to a TiddlyWiki is very useful.

Regards
Tony

PMario

May 16, 2019, 5:27:34 AM5/16/19
to TiddlyWikiDev
Hi,

Did you have a look at the $:/DefaultTiddlers content? It may seem that the safe mode is still active. But it is not?

Are your TW plugins working again after reload?

-m

PMario

May 16, 2019, 5:40:46 AM5/16/19
to tiddly...@googlegroups.com
On Thursday, May 16, 2019 at 2:41:18 AM UTC+2, TonyM wrote:
...
On the security issue, I am aware that people can harvest info from a visible URI and I will take this into account, however the power of passing info to a TiddlyWiki is very useful.

Info yes. ... content: _no_

My concerns are not about privacy. ... It's about security. If we can inject content with the address bar into a TW, we could inject evil code using a URL shortener.
  • So I could create a short URL that points to a TW that you host and inject some "trojan" code.
  • Users may download this wiki from your page and save it to their HD.
  • Since a file-based TW can be split into tiddlers in a directory.
  • This TW can be hosted using node.js or maybe BOB
  • The sleeping code could be activated if executed on the server
I think that's a security problem, since the injected code can run with "server access rights" now.

have fun!
mario

@TiddlyTweeter

May 16, 2019, 6:07:10 AM5/16/19
to TiddlyWikiDev
PMario wrote ...
I think that's a security problem, since the injected code can run with "server access rights" now.

have fun!

This isn't fun! :-|

It's a concern. And a real one.

I'm not so good on how the hacks work. I'm very aware they exist from having been hacked (not in TW, but via JavaScript exploits).

Question: What is the way to prevent it?

Best wishes
Josiah



PMario

May 16, 2019, 7:31:09 AM5/16/19
to TiddlyWikiDev
On Thursday, May 16, 2019 at 12:07:10 PM UTC+2, @TiddlyTweeter wrote:
...
Question: What is the way to prevent it?

We don't create a mechanism that allows injecting content from the address bar.

We can send information to the core, as we did with #:safe mode.
At startup we can check the address bar if it contains "permalinks and permaviews" ...

But we can't do stuff like: write content to a $:/config/newContent tiddler.

That's basically it.

-m

TonyM

May 16, 2019, 8:10:55 PM5/16/19
to TiddlyWikiDev
Folks,

Just to clarify the original question and the subsequent discussion: I am not talking about injecting code, only about responding to the parameters found on the URI.

There is already a fairly rich set of possibilities, and this is in keeping with normal website design. I am just hoping to commoditize some of these, such as responding to key=value pairs and converting them to global variables the wiki can respond to once loaded.

There is the possibility of increased security by wise design, for example by providing the pass phrase to a tw-receiver saving mechanism on the command line (visible or otherwise). Thus at any point this pass phrase can be changed at the server or not provided to the wiki, so no save is possible. Once I develop my skills further I can pass other secrets that decrypt tiddlers or wikis only if another auth process supplies them.

Such mechanisms should be equally valid with node and single file wikis. It seems to me that on the auth front and the invocation process we have mechanisms being developed for the node wikis, while single file wikis are increasingly neglected.

As mario says, we can send information to the core, as we did with #:safe mode, and at startup we can check the address bar if it contains "permalinks and permaviews" ... but I want to take this further, in effect extending the info mechanism to parse the parameters and store them in tiddlers such as [prefix[$:/info/]]. Providing a helper for parsing such values (safely) gives designers a secure set of tools and discourages them from using less secure bespoke solutions; we could even build additional tests to sanitise the information provided on the URI.

I hope I am making myself clearer despite being somewhat of a newcomer to such methods.

Regards
Tony
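The startup mechanism Mario describes (read the address bar once at startup, act on `#:safe` and on permalinks/permaviews, but never write address-bar content into tiddlers) and the allow-listed `key=value` parsing Tony asks for, as an added example in JavaScript. This is illustration code written for this thread, not TiddlyWiki core code: the `$:/info/url/param/` and `$:/info/url/safemode` titles, the parameter allow-list and the length cap are assumptions, and the parser takes a URL string so it runs in Node without `window.location`.

```javascript
// Added example (not TiddlyWiki core code): a startup-time parser for the
// address-bar conventions discussed in this thread.  It classifies the
// fragment ("#Title", "#Title:filter", "#:safe", "#:filter") and reads
// "?key=value" pairs into read-only info values.  Nothing parsed here is
// ever written into an ordinary tiddler: the caller only gets a plain
// object that it may expose as read-only $:/info/url/* style values.

// Assumed allow-list and length cap: only these keys are accepted from
// the query string, everything else is recorded as rejected.
const ALLOWED_PARAMS = new Set(["theme", "lang", "view"]);
const MAX_VALUE_LENGTH = 200;

function safeDecode(text) {
  // Malformed percent-encoding must not abort startup; keep the raw text.
  try {
    return decodeURIComponent(text);
  } catch (e) {
    return text;
  }
}

function parseWikiUrl(urlString) {
  const url = new URL(urlString);
  const result = {
    safeMode: false,
    permalink: null,   // tiddler title from "#Title" or "#Title:filter"
    permaview: null,   // story filter from "#Title:filter" or "#:filter"
    params: {},        // allow-listed ?key=value pairs
    rejected: [],      // query keys dropped by the allow-list or length cap
  };

  // Fragment: split at the first colon only, so colons inside a filter
  // expression such as [search:title[Hello]] stay part of the filter.
  const hash = safeDecode(url.hash.replace(/^#/, ""));
  if (hash.length > 0) {
    const colon = hash.indexOf(":");
    const target = colon === -1 ? hash : hash.slice(0, colon);
    const filter = colon === -1 ? "" : hash.slice(colon + 1);
    if (target === "" && filter === "safe") {
      result.safeMode = true;                 // "#:safe"
    } else {
      if (target !== "") result.permalink = target;
      if (filter !== "") result.permaview = filter;
    }
  }

  // Query: accept only allow-listed keys with bounded values.
  for (const [key, value] of url.searchParams) {
    if (!ALLOWED_PARAMS.has(key) || value.length > MAX_VALUE_LENGTH) {
      result.rejected.push(key);
      continue;
    }
    result.params[key] = value;
  }
  return result;
}

// Map the parsed result onto read-only info titles.  The titles are
// assumptions modelled on the existing $:/info/url/* tiddlers; this is the
// whole write surface, so no parameter can name an arbitrary tiddler.
function toInfoTiddlers(parsed) {
  const info = { "$:/info/url/safemode": parsed.safeMode ? "yes" : "no" };
  for (const [key, value] of Object.entries(parsed.params)) {
    info["$:/info/url/param/" + key] = value;
  }
  return info;
}

// Stand-alone demonstration on the search URL Mario posted above.
console.log(parseWikiUrl(
  "https://tiddlywiki.com/#:[search:title,caption:literal,casesensitive[Hello]]"
));
```

The point of the shape is that the only thing the address bar can influence is a fixed set of info values under a fixed prefix; a `<<keyword>>`-style variable can then be derived from `$:/info/url/param/keyword` in wikitext, while the `$:/config/...` or content tiddlers Mario warns about are never reachable from the URL.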