I'm new to Joplin and had plans to switch a few users from Evernote, until we quickly discovered we can't password/pin protect the program.
To start I should say, I have searched this topic and was concerned of the answers given as to why you would not add such a simple feature that has the possibility to protect unwanted eyes from quickly viewing what most would consider their personal or confidential data.
No we don't need a lesson on using third party tools, or how the DB isn't protected or someone could install a keylogger. We all understand those and we are not asking for them.
What we need is the ability to Turn On PIN access when bringing up the app, regardless of the platform. Very simple PIN access or code feature, nothing else.
And WE are HAPPY to PAY for the feature, and I'm sure others would pitch in.
Unrelated: I've been thinking for awhile that it would be nice to have plugins that can override the default components (note list, editor, viewer, etc.). I know others have been thinking about this as well.
My thoughts on this stem from the JSheets plugin which would benefit from overriding the editor and the viewor, so that when you switch to a spreadsheet note, you just get a spreadsheet. This system would also allow for alternative editors (maybe), and alternative renderers (like ReStructuredText or maybe even latex?).
This system would also allow for a very simple pin lock plugin. It would be able to override all components until a pin is entered (I won't comment on the security of a plugin like this, or my own view on it's validity).
Actually, I don't know much about how dialogs work in Joplin, it might already be possible to open a (nearly) full screen dialog that won't close without a pin.
Paying for a feature is different from paying for the development of a feature. If you do have the means to pay for development of a feature, I suggest you look into contracting someone to make a private build for you. The Joplin code base is open source (MIT License) so your contractor will have full access. As you said this is a "simple feature" so they shouldn't have trouble with it.
I thought about something like this for the note list, but it wouldn't be a complete replacement, just a way to let plugins render the note list content.
But isn't it already possible to implement your own sidebar or viewer? You could create a sidebar or even note list using a panel and the data API, and simply hide the real sidebar or note list.
It's true that wouldn't work for the editor since it's not possible to hide it. I wonder what the minimal API would be to support this? Would it be as simple as an API to hide the editor and replace it with a webview which can be customised any way the developer wants?
I've asked a long time ago and I'm not sure anyone cares.
If my memory serves me correctly, I believe the excuse was if someone wants the data they are going to figure it out. Of course using that logic, houses, offices, computers or phones don't need locks or passwords....
The issue is that unless the database is actually encrypted on the disk, this creates a false sense of security, which can be dangerous. Basically, the user will think that their data is protected, while in reality, it will still be easily accessible to anyone, e.g. if they open the database using a 3rd party tool outside of the Joplin application.
If the goal is just a low-security plugin that superficially hides content until a PIN is entered, I think that's currently possible - I tossed together a quick proof of concept here (was heavily and hastily adapted from one of my other plugins so probably not very pretty) that hides all content in the editor until the PIN 1234 is entered.
I have no real interest in making this into a real plugin but it doesn't seem like it would be hard to extend it to hide webview content as well, and centralize things a bit better, and add things like idle timeouts or whatever. And the discussion above talked about a solution for the note list. The main flaw right now is that the editor content is briefly visible when Joplin first opens and the plugin loads - not sure how to fix that.