Is there a simple password protection available for non server users?

stefan_from_germany · May 13, 2025, 9:53pm

Hi,

I am using the TW in many use cases.

Most of them are “local” stored or do not have sensitive data stored, so I save them to my home page and call them like www.example.com/mywiki_1.html. Fine so far.

Now I am looking for a possibility to have a simple password protection.
If, who ever, is calling my wiki, it would be fine to have a simple login page before giving access to the wiki. My server is not offering node.js and no other possibilities like php etc… Only html file and other content is possible to store here.

I do not need different users. Only a welcome page checking the password and if correct giving access to the wiki.

Is this available by using a plugin or other possibilities?

Thank you for help
Stefan

EricShulman · May 13, 2025, 11:24pm

The TWCore allows you to set a password for a single-file TiddlyWiki.

see https://tiddlywiki.com/#Encryption

To use:

Press the “set password” button (in the Sidebar Tools tab)
A special modal dialog will appear
Enter your desired password TWICE.
Press the “Set password” button
Save your TiddlyWiki

Whenever you load that TiddlyWiki, you will be prompted to enter a password and press the “Decrypt” button. The normal startup sequence then continues (only if you have entered the correct password).

Note that your password is NOT stored in your TiddlyWiki file. Rather, it is stored in your browser’s “local storage” for the domain on which the TiddlyWiki file is hosted (or file:// if using a non-hosted local file).

You can use your browser’s debugger to view/edit the local storage. In Chrome, you can right-click on the page background and choose “inspect”, then select “Application” from the top menu, and “Local storage” from the left side menu. Then, select the desired domain (or file://) to see a list of Key/Value pairs.

The local storage key for your TiddlyWiki password is “tw5-password-mykey”. Note that the corresponding value is stored as plain text (i.e., UNencrypted). This is moderately safe, as long as you are the only person who uses that browser on that computer.

enjoy,
-e

pmario · May 14, 2025, 1:02am

On the server side you can probably use basic authentication. It uses an .htaccess file on the server, where it can define directory level access control.

There should be some information about basic access from your server provider. It is important to use an HTTPS connection if basic auth is used.

As said. More info should come from your server provider.

vuk · May 15, 2025, 3:42pm

This made me realize I don’t know exactly what’s happening here and since the context seems fitting to me, I’ll ask in this thread.

I used to think that a single HTML file wiki that is password protected is fully offered by the server anyway, since it’s just a static HTML file. Anyone, even if not knowing the password, is able to fully download it (transparently, when opening it in the browser), or in batch mode, by using a command line tool, like wget. Now, getting access to the plain text data in that wiki, is a totally different question, and it requires knowing the password and filling the password after loading the wiki in the browser (either from an URL address on a remote web server or from a local file on disk). Is this correct?

pmario · May 15, 2025, 4:07pm

A password protected wiki, which uses the built in encryption will be saved with all the tiddlers fully encrypted. If you do not know the password you will not be able to read the plain text content.