jettyTiddlywiki(english)

Japanese page here.
jettyTiddlywiki
/file/jettyTiddlywiki/jtw.png
Repository launchpad
Download windows jettyTiddlywiki_win.zip
linux jettyTiddlywiki_jar.zip
Revision 31 (2014.1.25)
  • jettyTiddlywiki is a standalone application, it contains embed java-server("jetty") and database("sqlite3").
  • jettyTiddlywiki is a clone of this website-application, runnnig on google app engine.
  • jettyTiddlywiki has not multi-user mode. planed for working in single-user mode.
  • jettyTiddlywiki uses SSL connection for data-transport (https protocol). doesn't accept http so far. this means you have to generate public key:secret key at first run.
  • jettyTiddlywiki uses user id - password pair authorization via session. generated id-pass combination is saved in a hash style, which carefully being encrypted by salt and key-streching.

I made this application, be aimed at intranet use, particularly for something college or small company office.
However, I believe it's also already secure enough to put on world-wide-web.

How to use

/file/jettyTiddlywiki/ccc.png
running application
  1. run jettyTiddlywiki.exe
  2. open https://localhost:8443

How to run and first set up(windows)

Download windows jettyTiddlywiki_win.zip (5.6Mb, sqlite edition)
jettyTiddlywiki_win.zip (3.3Mb, h2-database edition)

/file/jettyTiddlywiki/win4.png
you see jettyTiddlywiki.exe after extracting zip. run jettyTiddlywiki.exe.
/file/jettyTiddlywiki/sslkey.png

jettyTiddlywiki always runs with command prompt.

at first run, 2nd command prompt opens for SSL data-transport, generate public key:secret key pair too.

  • 2nd prompt (right one in the picture. it'll show in english in your computer)

2nd prompt asks your name, organization, city, country for make up a verified certification, but jettyTiddlywiki actually just needs generated public key:secret key so verified certification is not such important. empty Enter, empty Enter, empty Enter, empty Enter..

when say yes,no option finally comes, say yes.
after say yes, prompt asks you public key:secret key generating password. enter password(Don't Forget password!Need it later!)
the public key will be saved in keystore file.

back to 1st command prompt.

  • 1st prompt (left one in the picture. it'll still show in Japanese)

prompt says 【SSL暗号化通信】【復号鍵】 先の別プロンプトで入力した秘密復号鍵を入力して下さい。これを更に非可逆ハッシュ変換して保存します.
In English, it'll be translated to 【SSL encryption data transport】【secret key】 enter the secret-recovery-key which you entered on the 2nd prompt. The key's going to be saved after another hash-encryption.. Enter the secret-key generated password you entered above. secret-key will be saved in decryption.key file with hash encryption.

After this setting up, jettyTiddlywiki server start running.

/file/jettyTiddlywiki/idpass.png
go https://localhost:8443. jettyTiddlywiki asks set up website name, administrative user's id and password. after set up, page automatically goes top page.

/file/jettyTiddlywiki/win3.jpg
I recommends you to use any webbrowser but MS IE, since javascript runs terribly in that browser.
To shutdown jettyTiddlywiki server, shutdown command prompt.

How to run and first setup(Linux)

Download linux jettyTiddlywiki_jar.zip (5.6Mb, sqlite edition)
jettyTiddlywiki_jar.zip (3.3Mb, h2-database edition)
/file/jettyTiddlywiki/linux.jpg
after java -jar jettyTiddlywiki-0.0.1-SNAPSHOT-jar-with-dependencies.jar command on linux

you see jettyTiddlywiki-0.0.1-SNAPSHOT-jar-with-dependencies.jar after extracting zip, run it.

java -jar jettyTiddlywiki-0.0.1-SNAPSHOT-jar-with-dependencies.jar

do this command. after this, there's no difference to windows edition.

How to use

/file/jettyTiddlywiki/mmm.png
opened MainMenu on the top black bar, and opened editor from View Code link

open MainMenu on the top black bar. you can change the bar contents by editing this MainMenu.
editor will open by clicking View Code link locates in top rignt.
push commit button locates right bottom of the editor, changes will be commit. you can see preview with Preview button locates left bottom of the editor.

tiddlywiki tag syntax
Tag

search

/file/jettyTiddlywiki/hs.png
searching

click Search link locates left of brown bottom bar.
you'll see textfield, enter a word, press Enter key.

modified history

/file/jettyTiddlywiki/mdf.png
modified history

click Difference link locates right of brown bottom bar.
you'll see modified history of the page.

attach file

/file/jettyTiddlywiki/mat.png
file attachment

click Attachment link locates right of brown bottom bar.
you'll see a list of attachments which attached the page and upload form.

recent activities

/file/jettyTiddlywiki/mre.png
recent posts

click Recent Post link locates right of brown bottom bar.
you'll see a list of recently modified pages.

About security issues

1. encryption and decryption of data-transport
/file/jettyTiddlywiki/keys.png

jettyTiddlywiki uses SSL feature. that allows to encrypt and decrypt by combination of public key:secret key pair.
thus, if those both of public and secret key leaks, it means it's decryptable.

those keys saved in following files and maight be not touchable via SQL injection or https data transport, but be aware of ftp or user account hacking.

public key keystore
secret key decryption.key

Additionaly, usually we should setting up password on keystore file like zip password files, but jettyTiddlywiki don't do that double passwording, so public key information is viewable with default password of server application called jetty. this means it becomes more problem when keystore file will be stolen.

2. hash encrypt of password

gaeTiddlywikiパスワード管理について
jettyTiddlywiki stores user password in database like other applications do.
jettyTiddlywiki does encryption with salt and key-streching again and again.
that strong encryption doesn't allow supposing effective id-password pair even when all password information saved in database has been stolen.(but in any case, if use like id:test,password:test, technology can not help)


Development
jettyTiddlywiki pom
このソフトにHTML出力機能つけたところで、FTPソフトは別個にインストールして起動しなきゃならないし、使う人いるの?

jetty ssl, digest auth gaeTiddlywikiパスワード管理について
jetty 静的ファイルとサーブレットとルートディレクトリ
jetty-core-6.1.14をclasspathに入れるのが面倒なので自分でm2に入れる
session id authorization確認

    last modified: 25 January 2014 [ View wiki source Close ]
     
SEARCH DIFFERENCE ATTACHMENT RECENT POST