GitHub Security

[Philip Gaitan]

New to TW5, instantly fell in love with it as a method to create a personal knowledge base. I've been playing around with several different install methods, including the GitHub pages deployment. My question is regarding privacy and security. Is there a way to allow GitHub Pages to access my TW5, but at the same time restrict everyone from freely git cloning my repository?

If I'm going to store sensitive (to me) material in it, I'm not keen on the idea of it being so easily duplicated.

Thank you!

Philip

[TonyM]

Philip,

Others can give a Better GitHub answer, I believe only if you subscribe can you have a private one. Perhaps you can open up the question and let us know what if any other hosting you have available to you. 

Personally I would use TW-receiver on a PHP host and use the .htaccess to place a password in front of it, along with tw-receivers passcode and https to make at least a single file wiki completely private. I have also used a CDN such as cloudflare to improve performance, with a splash screen installed in tiddlywiki.

Regards

Tony

[Chuck R.]

You have to pay to have a private repo. All free repos are public on Github and thus can be cloned/forked.

Why not host on Tiddyspot? It's free and easy. I suppose someone can download the TW locally too that way.

[Chuck R.]

Do you have to use Github? What about dropbox? Maybe you can set up security there to prevent direct downloading somehow. I already serve normal HTML files from Dropbox and it works fine. But I'm guessing for the free Dropbox account security options might be limited.

Here are many more file sharing sites you might try, so you can see if they support HTML and TW5.

https://pastebin.com/RadNDWbZ

The file sharing is divided into several parts: "File sharing", and "Storing text, readme files, documentation", and "Can edit after file creation", and "Blockchain storage", etc.

[Alfonso Arciniega]

Re Dropbox, the easiest (for me at last) way is:

1. Create a new account at DropPages: https://droppages.com/
2. After signing in, create your site at: https://my.droppages.com/Account
3. A folder will be created in your Dropbox account: https://www.dropbox.com/home/Apps/My.DropPages
4. Inside this folder you will find a folder with the name of your site: [your_name_site].droppages.com]
5. Again, inside you fill find three folders: Content, Public, and Templates. The starting site is a very, very basic landing website that you may ignore if all you want is a site for your TWs.
6. Finally, put your TWs in the Public folder; and bookmark them as: https://[your_name_site].droppages.com/[my_TW.html]

Your site and TWs remain private unless you give away the bookmarks. Updating your TWs are a easy as uploading them to the Public folder in your Dropbox. You may even want to create a separate email with a separate Dropbox account for this solely purpose.

Note that DropPages will allow you to have up to two free sites: https://[your_name_site].droppages.com] with a total maximum of 50 MB.

Alfonso

[Arlen Beiler]

Guys, a public link is ALWAYS a public link. Never consider it protected in any way if the link itself can get you all the way in without logging in at all. 

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/436b6551-5745-4fd0-8eee-fedc1e86405d%40googlegroups.com.

[Ste Wilson]

Pancake.io also does Dropbox hosting. Updog.co is alas closing down next month.

[PMario]

On Monday, January 13, 2020 at 4:42:19 AM UTC+1, Philip Gaitan wrote:

New to TW5, instantly fell in love with it as a method to create a personal knowledge base. I've been playing around with several different install methods, including the GitHub pages deployment. My question is regarding privacy and security. Is there a way to allow GitHub Pages to access my TW5, but at the same time restrict everyone from freely git cloning my repository?

If I'm going to store sensitive (to me) material in it, I'm not keen on the idea of it being so easily duplicated.

Hi Philip,

You can try to make your repository private. So it will only be accessible for you or your organisation, if you use one. ... I'm not 100% sure about gh-pages. But private pages should be protected too. ... You can play with the settings first and find out.

As of last year we can have unlimited private repos. Till then it was only 1 for a free account.

have fun!

mario

[PMario]

On Monday, January 13, 2020 at 4:42:19 AM UTC+1, Philip Gaitan wrote:

...

Is there a way to allow GitHub Pages to access my TW5, but at the same time restrict everyone from freely git cloning my repository?

I'm not sure, if this makes much sense, since TW will contain the same content tiddlers, that your repo contains. ... So I'm not really sure, what you want to protect?

There is a big difference between privacy and security. ...

Info about github security can be found here: https://github.com/security

Information which info github collects can be found here: https://help.github.com/en/github/site-policy/github-privacy-statement#github-privacy-statement .. But that's probably not what you mean by privacy. right?

-mario