Thanks for the explanation. That makes sense. Sorry for all of these questions...I'm a curious fellow. If there was a security flaw with PmWiki, would that affect the core of Tonido and potentially give the attacker access to my hard drive? I suppose this could be the case with any app or even Tonido itself but I wasn't sure if the apps are sandboxed.

I don't know of any glaring security issues with PmWiki. The HTML path only has PmWiki stuff in it. It shouldn't allow downloading etc outside of the HTML path. Also, you have the Tonido Server Security which will lock people from gaining access to other areas.

Now, if you install certain cookbook recipes (plugins) that allow dangerous things, then yes, you have opened a hole in your server.

With that said, if you are the type that wants greater security, change the authentication from anonymous to guest or owner in the manifest.xml; then only people who are first logged into Tonido can access the wiki. With Tonido Authentication enabled, you could safely enable reading the wiki without password and limit editing to password if you wish.

I personally am okay with leaving it only behind PmWiki Authentication. I generally feel I keep a low profile, so I don't think I am a high security target.

I fall into the same bucket but I don't assume anything and I like to be prepared.
Again, thank you for the information.

@snoober: No joy using the relay address. Still literal 192.168.x.x links appear on pages.

@facelessuser: I guess I need to wait for your future fix, unless there is a file I can edit in the meantime to access the wiki from outside my network...

Yeah, there is something you can edit. You need to edit the config.php file in pmwiki/local

find the following code:


and change the the last line:

I will probably need to move this out of the config file in the future. I put it there because I thought I wouldn't have to edit it in the future, but it looks like I will. It will make the next update a little annoying, but I think it will make the code easier to manage in the future.

@Krispy
I may try and contact you when I start working on a fix. Your case is unique, and I really don't have a way to duplicate the situation here.

Thanks, looks like it worked. I won't be able to actually check from outside until my next trip to the office next week. I don't understand how my situation is unique though. I'm running my plug 'out of the box' with no special config.

Hmm. I misunderstood. I thought you were using a different redirect service. If you are using the Tonido Relay, it should work. I use the default config ip settings, and I use the default relay with no issues from work etc.

Your setup may not be unique, but your problem is. I would be curious to see some PHP info from you to see what it is serving up to the wiki. Something with your network is odd. It is odd that you would be getting an internal ip returned to the webpage while accessing it from outside.

Basically, in order to get the links formatted properly with out hard coding as I have had you do, I would have to figure out what php variables are serving up correct info for you, or close enough. If php is serving up some info unreliably I may be able to grab other variables that are more reliable but not specific to what I am looking for. It may take more coding to parse variables not really desinged to give me what I am looking for, but if the data is reliable it may be worth it. There may not be anything I can do. I have not experienced the issue you are describing.

In the end it may just be a local network issue.

After doing more troubleshooting, it seems my plug has problems. I think I need to reflash. I tried using a usb boot build and everything works great! I would keep using this setup, but it is not reliable. If I start the plug from power off, it will boot externally, but any reboot thereafter causes it to boot to the internal system.

Sorry to hear about your plug. I thought at first you discovered some bug, but the more I thought about it and after doing more testing, the less I figured the issue was with the app.

In the next week I am going to start do some more work on this.

Plans:

• Update to the latest PmWiki (contains some security fixes)
• Maybe modify the launch/update/install wrapper (load times were not as bad as I thought when I profiled it, but it won't hurt to maybe optimize its load times (not critical)
• Maybe update the install/update UI. We will see how adventurous I am feeling.
• Put together a Windows version (This will basically be the same minus the installer because I can't use symlinks to place the content outside the user plugin directory. The big thing I need to test is how easy updating will be.)

If anyone has suggestions feel free to let me know.