You can protect a folder with a password.

Method

  1. Specify Protected Folders: Define the paths of the folders you wish to protect in the NEXT_PUBLIC_PROTECTED_ROUTES environment variable, separated by |. Use the full path; quotation marks (") are not needed. Example: /Private|/Demo123|/A Folder with spaces.

    Note: Exclude the BASE_DIRECTORY part from the path. For instance, if BASE_DIRECTORY=/MyBase and you want to protect /MyBase/Private, simply use /Private in NEXT_PUBLIC_PROTECTED_ROUTES.

    The NEXT_PUBLIC_ prefix indicates that the value will be accessible on the client side (not restricted to the server side). This is a built-in feature of Next.js and does not imply "public routes".

  2. Create a Protection File: Inside each folder you want to protect, create a plain text file named .password and put the desired password in it.
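
A pre-deploy check for the value described in step 1, added here as an example and not taken from OnePortal's code. `checkProtectedRoutes` is a hypothetical helper and the sample values are constructed from the folder names above.

```javascript
// Added example: checkProtectedRoutes is a hypothetical helper, not part of OnePortal.
// It checks a NEXT_PUBLIC_PROTECTED_ROUTES value against the rules in step 1.
function checkProtectedRoutes(value, baseDirectory = "") {
  const problems = [];
  const routes = [];
  // Normalise "/MyBase/" to "/MyBase"; "" or "/" means there is no prefix to check.
  const base = baseDirectory.replace(/\/+$/, "");

  for (const entry of value.split("|")) {
    if (entry === "") {
      problems.push("empty entry: stray | separator");
      continue;
    }
    routes.push(entry);

    // Quotation marks are not needed around entries.
    if (entry.includes('"')) {
      problems.push(`${entry}: remove the quotation marks`);
    }
    const bare = entry.replace(/"/g, "");

    if (!bare.startsWith("/")) {
      // The page asks for the full path, as in /Private.
      problems.push(`${entry}: use the full path, starting with /`);
    } else if (base && (bare === base || bare.startsWith(base + "/"))) {
      // Paths are relative to BASE_DIRECTORY, so the prefix must be left out.
      problems.push(`${entry}: looks like it includes BASE_DIRECTORY (${base}); drop that prefix`);
    }
  }
  return { routes, problems };
}

// Constructed sample values.
const good = checkProtectedRoutes("/Private|/Demo123|/A Folder with spaces", "/MyBase");
const bad = checkProtectedRoutes('"/Private"|/MyBase/Private|Demo123|', "/MyBase");
console.log(good.problems);
console.log(bad.problems);
```

A folder inside BASE_DIRECTORY that happens to share its name will also trigger the prefix warning, so treat that message as a prompt to double-check rather than a hard error.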

Caveats

OnePortal cannot provide any security guarantee. There is no rate limit here, so theoretically, passwords can be brute-forced.

Other caveats:

  1. Direct Links: Protected files can still be accessed via direct links with the parameter &odpt=.... If you share direct links with others, they can download the files without authentication.
  2. Security Limitations: This protection is not impenetrable or highly secure. It serves as an additional layer of inconvenience, not a robust security solution. Avoid using this method for highly sensitive information.
  3. Search Exposure: Files in protected folders will still appear in search results. However, only the filenames will be visible—contents cannot be accessed without proper authentication.

If you want to share files with others but don't want extra people to see them, it is recommended to use OneDrive's built-in sharing function.