Password protecting or encrypting files

Hosted Content

Since your web server is what controls who has access to your files, Kiosk Pro isn't able to password protect files on a remote server.  The app does support the following types of server-side authentication methods: 

  • Default
  • HTTP Basic
  • HTTP Digest

If you are using an Apache web server, it is possible to password protect your files using .htaccess and .htpasswd files - more on how to set this up here and here.  

Once you have this type of password protection set up, you can embed the username and password you set directly into the URL in the format '' and set this as the homepage or a link within your content. Make sure you include the "http" or "https" scheme at the beginning of the URL.

If you are unable to embed the username/password in the link as shown above or each visitor needs to enter separate credentials, make sure you have the Browser Engine = WKWebView (located in Advanced Settings), which allows you to enter this type of credential directly through a pop-up.

Local Content

There is currently no way of encrypting or hiding local files in Kiosk Pro. With that said, it's not possible for remote web pages to access files stored locally on the iPad so the only ways that local data might be copied would be:

  • If you had a local page that deliberately sent the data to a remote server. As you are in control of the content you place on the iPad, this is under your control.
  • If someone physically connected the iPad to a computer and downloaded the files. It is possible to prevent this by supervising the device, which allows you to set a number of restrictions on how the device can be used including the ability to sync with computers.

XML File for Remote Settings Control

There currently is no way of encrypting or password protecting the XML file used for Remote Settings Control. We recommend only including information that isn't considered sensitive in the file.

For example, if setting up a kiosk for email notifications, we'd recommend using an email address set up specifically for this purpose and not used for anything else as the sending email (as that is the email requiring a password). You can also set up the SMTP settings either directly on the iPads through the settings menu or you can add them in the initial .xml update and then remove them from future production versions of the .xml file.

By removing the entire Email Notifications section of the file once these settings have been placed, Kiosk Pro will just keep these settings as they are currently set (until you change them manually or add them back to the .xml file).

For example, to stop updating just the 'Password' field, you would remove or comment out the following from the .xml file (including the opening <dict> and closing </dict> tags:


When using an .xml file automatically generated by the app using the Export Current Settings feature, the SMTP password is omitted by default.

Still stuck? How can we help? How can we help?