As far as I know (and can see), TW does not save access tokens AT ALL except for in localStorage on the computer AFTER you have given your GitHub password. In addition to this, I doubt users will have saved it alongside the wiki; GitHub automatically searches all repos for this password, and doesn’t push any changes if it does. Maybe you were seeing some other string of numbers for something else?
On Fri, Jun 18, 2021 at 3:01 PM PMario <[email protected]> wrote: > On Friday, June 18, 2021 at 7:30:58 PM UTC+2 Carsten wrote: > > But I might have a security concern here. I found some TW files online in >> GitHub Repos which, after downloading the files from the GitHub repo, (not >> the github.io-pages version), still contain the Access Token in clear text. >> Visible when you inspect the source code. >> Is there a way, that the access token gets taken out before the file is >> saved to github? >> > > The access token is saved in the browser local storage. So it isn't part > of the wiki file, except the user saved it there. ... > > Could you describe it a bit closer, so it may be reproducible? IMO that > will help a lot. > > -mario > > -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/ef2132d9-e8ba-4522-b126-5fc5dd78bee8n%40googlegroups.com > <https://groups.google.com/d/msgid/tiddlywiki/ef2132d9-e8ba-4522-b126-5fc5dd78bee8n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/CALXL%2BrPuJMZSCmxw5XGd_eURSpEUVAVVK7XTEs%2BTz03ofRbwqA%40mail.gmail.com.
