Is it safe to use GitHub Saver with access token while published using GitHub Pages?

[Yuhang Guo]

Hi, I'm new to TiddlyWiki. It is an awesome software and I decide to use it as my personal wiki.

But I have one question. When coming to saving, I choose to use GitHub saver and I use access token to authenticate, so the access token is saved into the single file I suppose. Also, I use GitHub Page to publish the wiki site which makes my repository public, so is there any chance others can get my access token from the tiddlywiki file? Is the access token encrypted somehow?

[Mark S.]

According to PMario in this post:

https://groups.google.com/d/msg/tiddlywiki/84WAbLFh8o0/_fQ971uPAQAJ

your oath is saved in local storage, not in the tiddlywiki file. You can verify this for yourself by using some other browser to try to look at your TW file.

[Yuhang Guo]

Thank you! It's indeed saved in local storage.

[PMario]

On Monday, March 30, 2020 at 7:15:32 AM UTC+2, Yuhang Guo wrote:

Thank you! It's indeed saved in local storage.

Hi,

Yea, you should be safe. ... There is still a little inconvenience atm. ... The oauth string is saved in plain text. ...

I think, we should change that. I did create a gh issue. see: https://github.com/Jermolene/TiddlyWiki5/issues/4525

mario

[Yuhang Guo]

yeah, I've decided to switch to TiddlyServer...

在 2020年3月30日星期一 UTC-7上午2:00:21，PMario写道：