There are several levels of encrypted communication in a client server environment.
- HTTPS … in general encrypts the communication data “in motion”. Which avoids “man in the middle attacs”. Configuring a public facing server for HTTPS is obligatory.
- Local Storage … is data “at rest”. If you want to read the browser local storage, you have to have physical access to the device. So the easiest way to block access there is strong OS passwords. If you need to protect your data if someone dismantles your hard drive from the PC you should use OS level encryption, which is completely transparent for apps and does not need any work for TW.
- Encrypted Local Storage … See 2). If you need encrypted local storage, because you want to — You will need to have a closer look at TiddlyPWA – The TW core does not encrypt local storage at the moment.
-
.htaccessfiles are used by servers to create a “username” / “password” prompt if you want to enter the site. This is mainly configured by “proxy” servers, which are in front of a TW server. – This depends on how you did configure your server.
Hope that makes sense.