|Japanese page here.|
- jettyTiddlywiki is a standalone application, it contains embed java-server("jetty") and database("sqlite3").
- jettyTiddlywiki is a clone of this website-application, runnnig on google app engine.
- jettyTiddlywiki has not multi-user mode. planed for working in single-user mode.
- jettyTiddlywiki uses SSL connection for data-transport (
httpsprotocol). doesn't accept
httpso far. this means you have to generate
public key:secret keyat first run.
- jettyTiddlywiki uses user id - password pair authorization via session. generated id-pass combination is saved in a hash style, which carefully being encrypted by salt and key-streching.
I made this application, be aimed at intranet use, particularly for something college or small company office.
However, I believe it's also already secure enough to put on world-wide-web.
How to use
- run jettyTiddlywiki.exe
How to run and first set up(windows)
|Download||windows||jettyTiddlywiki_win.zip (5.6Mb, sqlite edition)|
|jettyTiddlywiki_win.zip (3.3Mb, h2-database edition)|
jettyTiddlywiki.exe after extracting zip. run
jettyTiddlywiki always runs with command prompt.
at first run, 2nd command prompt opens for SSL data-transport, generate
public key:secret keypair too.
- 2nd prompt (right one in the picture. it'll show in english in your computer)
2nd prompt asks your name, organization, city, country for make up a verified certification, but jettyTiddlywiki actually just needs generated
public key:secret keyso verified certification is not such important. empty
nooption finally comes, say
yes, prompt asks you
public key:secret keygenerating password. enter password(Don't Forget password!Need it later!)
the public key will be saved in
back to 1st command prompt.
- 1st prompt (left one in the picture. it'll still show in Japanese)
In English, it'll be translated to
【SSL encryption data transport】【secret key】 enter the secret-recovery-key which you entered on the 2nd prompt. The key's going to be saved after another hash-encryption.. Enter the secret-key generated password you entered above. secret-key will be saved in
decryption.keyfile with hash encryption.
After this setting up, jettyTiddlywiki server start running.
go https://localhost:8443. jettyTiddlywiki asks set up website name, administrative user's id and password. after set up, page automatically goes top page.
To shutdown jettyTiddlywiki server, shutdown command prompt.
How to run and first setup(Linux)
|Download||linux||jettyTiddlywiki_jar.zip (5.6Mb, sqlite edition)|
|jettyTiddlywiki_jar.zip (3.3Mb, h2-database edition)|
jettyTiddlywiki-0.0.1-SNAPSHOT-jar-with-dependencies.jar after extracting zip, run it.
java -jar jettyTiddlywiki-0.0.1-SNAPSHOT-jar-with-dependencies.jar
do this command. after this, there's no difference to windows edition.
How to use
MainMenu on the top black bar. you can change the bar contents by editing this
editor will open by clicking
View Code link locates in top rignt.
commit button locates right bottom of the editor, changes will be commit. you can see preview with
Preview button locates left bottom of the editor.
- tiddlywiki tag syntax
Search link locates left of brown bottom bar.
you'll see textfield, enter a word, press
Difference link locates right of brown bottom bar.
you'll see modified history of the page.
Attachment link locates right of brown bottom bar.
you'll see a list of attachments which attached the page and upload form.
Recent Post link locates right of brown bottom bar.
you'll see a list of recently modified pages.
About security issues
1. encryption and decryption of data-transport
jettyTiddlywiki uses SSL feature. that allows to encrypt and decrypt by combination of
public key:secret keypair.
thus, if those both of public and secret key leaks, it means it's decryptable.
those keys saved in following files and maight be not touchable via SQL injection or https data transport, but be aware of ftp or user account hacking.
public key keystore secret key decryption.key
Additionaly, usually we should setting up password on
keystorefile like zip password files, but jettyTiddlywiki don't do that double passwording, so public key information is viewable with default password of server application called jetty. this means it becomes more problem when keystore file will be stolen.
2. hash encrypt of password
jettyTiddlywiki stores user password in database like other applications do.
jettyTiddlywiki does encryption with salt and key-streching again and again.
that strong encryption doesn't allow supposing effective id-password pair even when all password information saved in database has been stolen.(but in any case, if use like
id:test,password:test, technology can not help)