On Thursday, April 22, 2021 at 12:40:43 PM UTC+2 [email protected] wrote:

> Whoops, just realized my mistake: only the creator of the TiddlyWiki or 
> someone with the correct PAT can save.
>

That's right. ... And there actually is a problem that worried me at the 
beginning and it still does 
<https://github.com/Jermolene/TiddlyWiki5/issues/4525>. The existing TW 
code stores the PAT in plain text in the browser local storage. ... That 
means, if I do have access to your PC it will probably take 10 seconds for 
me to get your GitHub access token. ... I'll need a mobile phone to take a 
photo. 
 

> I guess my real question is if TiddlyWiki does save by html tag, or if it 
> grabs the values of Tiddlers individually and safely adds this code into 
> the existing repo file. If so, how is this possible? It would seem like the 
> GitHub API does not allow you to use existing code and just add new content 
> in. 
>

As I wrote: using several files doesn't make it more secure ... only 
more complex. 

--------------

I think the discussion at GitHub came to this conclusion. 

A more secure workflow can look like this. 

 - The PAT is encrypted and stored in the local storage
 - The user opens the wiki and views it. 
    - The PAT isn't needed. So nothing happens.

 - The user wants to save back to GitHub
 - A (to be made) dialogue asks for the password to decrypt the PAT ... see [1]
 - PAT is decrypted and used to save
 - Decrypted PAT in memory is thrown away immediately 

[1] As written at the GitHub issue, it should be possible to use a 
browser add-on that lets you "autofill" the password form. 
The add-on may also have a dialogue with a "master PW".

So ... We trade convenience for security. 

have fun!
mario
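
The workflow listed in the message above, sketched with the browser Web Crypto API. This is an added example, not TiddlyWiki code and not part of the original post; the storage key name, the PBKDF2 iteration count, and the function names `storePat` and `withPat` are assumptions. In a browser, pass `window.localStorage` as `storage`.

```javascript
// Added example, not TiddlyWiki code. Key name and KDF cost are assumptions.
const STORAGE_KEY = "example-encrypted-github-pat"; // hypothetical name
const PBKDF2_ITERATIONS = 600000; // assumption: tune for the slowest target device

// Browsers expose globalThis.crypto; older Node versions need the import.
async function getCrypto() {
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

const toB64 = (u8) => btoa(String.fromCharCode(...u8));
const fromB64 = (s) => Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));

// Password -> non-extractable AES-256-GCM key via PBKDF2-SHA-256.
async function deriveKey(c, password, salt) {
  const material = await c.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return c.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// "The PAT is encrypted and stored": only salt, IV and ciphertext reach storage.
async function storePat(storage, pat, password) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh IV on every store
  const key = await deriveKey(c, password, salt);
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(pat)));
  storage.setItem(STORAGE_KEY,
    JSON.stringify({ salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) }));
}

// "PAT is decrypted and used to save", then dropped. A wrong password makes
// decrypt() reject, because the AES-GCM authentication tag does not verify.
async function withPat(storage, password, useToken) {
  const raw = storage.getItem(STORAGE_KEY);
  if (raw === null) throw new Error("no encrypted token stored");
  const rec = JSON.parse(raw);
  const c = await getCrypto();
  const key = await deriveKey(c, password, fromB64(rec.salt));
  const plain = new Uint8Array(await c.subtle.decrypt(
    { name: "AES-GCM", iv: fromB64(rec.iv) }, key, fromB64(rec.ct)));
  try {
    return await useToken(new TextDecoder().decode(plain));
  } finally {
    plain.fill(0); // best effort: the decoded JS string cannot be wiped
  }
}
```

Viewing the wiki never calls `withPat`, so the password is only requested when saving. Script running in the page while the token is decrypted can still read it; the encryption protects the copy at rest in local storage.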
