Hi all,
I am using Joplin with some colleagues via a self hosted Joplin server.
Now we want to protect our published shares with a simple user/password. For this we want to use htpasswd. But I can't find the right folder to implement this.
anyone, any ideas?
I guess (and it really is a guess!) that it is because the server does not store a shared note in a folder for the webserver component but instead generates the note from the database on demand when presented with the share token.
The author of Joplin has commented on the issue of a published note password when the point has been raised in the past.
and (taken from this post)
I don't expect this to ever be any different. I feel supporting a password wouldn't make sense because the password is the share key (the URL ID). I guess if someone requires extra security they can always send a part of the URL via one channel and the second part via another one. Share keys are a 32 characters nano-id, and it would apparently take "more than 1 quadrillion years needed, in order to have a 1% probability of at least one collision", so that sounds secure enough.
Thanks for the feedback.
After trying to understand the source code, I came to the same conclusion.
I have been reading these threads. The issue is that the URL is actually secure enough, but we have no control over the shares. We use Joplin with 25 colleagues and don't want shares to be accessible by in e.g. customers without any security.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.