((p "Your zettel may contain sensitive content." " " "You probably want to ensure that only authorized persons can read and/or modify them." " " "Zettelstore ensures this in various ways.") (h2 (@ (id . "local-first")) "Local first") (p "The Zettelstore is designed to run on your local computer." " " "If you do not configure it in other ways, no person from another computer can connect to your Zettelstore." " " "You must explicitly configure it to allow access from other computers.") (p "If you own multiple computers, you do not have to access the Zettelstore remotely." " " "You could install Zettelstore on each computer and set up some software to synchronize your zettel." " " "Since zettel are stored as ordinary files, this task could be done in various ways.") (h2 (@ (id . "read-only")) "Read-only") (p "You can start the Zettelstore in a read-only mode." " " "Nobody, not even you as the owner of the Zettelstore, can change anything via its interfaces" (sup (@ (id . "fnref:1")) (a (@ (class . "zs-noteref") (href . "#fn:1") (role . "doc-noteref")) "1")) ".") (p "You enable read-only mode through the key " (kbd "readonly") " in the " (a (@ (href . "00001004010000#readonly")) "startup configuration zettel") " or with the " (kbd "-r") " option of the " (code "zettelstore run") " sub-command.") (h2 (@ (id . "authentication")) "Authentication") (p "The Zettelstore can be configured so that users must authenticate themselves to gain access to the content.") (ul (li (a (@ (href . "00001010040100")) "How to enable authentication")) (li (a (@ (href . "00001010040200")) "How to add a new user")) (li (a (@ (href . "00001010040400")) "How users are authenticated") " (some technical background)") (li (a (@ (href . "00001010040700")) "Authenticated sessions"))) (h2 (@ (id . "authorization")) "Authorization") (p "Once you have enabled authentication, it is possible to allow others to access your Zettelstore." 
" " "Maybe, others should be able to read some or all of your zettel." " " "Or you want to allow them to create new zettel, or to change them." " " "It is up to you.") (p "If someone is authenticated as the owner of the Zettelstore (hopefully you), no restrictions apply." " " "But as an owner, you can create " (@L (@H "“") "user zettel" (@H "”")) " to allow others to access your Zettelstore in various ways." " " "Even if you do not want to share your Zettelstore with other persons, creating user zettel can be useful if you plan to access your Zettelstore via the " (a (@ (href . "00001012000000")) "API") ".") (p "Additionally, you can specify that a zettel is publicly visible." " " "In this case no one has to authenticate itself to see the content of the zettel." " " "Or you can specify that a zettel is visible only to the owner." " " "In this case, no authenticated user will be able to read and change that protected zettel.") (ul (li (a (@ (href . "00001010070200")) "Visibility rules for zettel")) (li (a (@ (href . "00001010070300")) "User roles") " define basic rights of an user") (li (a (@ (href . "00001010070400")) "Authorization and read-only mode")) (li (a (@ (href . "00001010070600")) "Access rules") " define the policy which user is allowed to do what operation.")) (h2 (@ (id . "encryption")) "Encryption") (p "When Zettelstore is accessed remotely, the messages that are sent between Zettelstore and the client must be encrypted." " " "Otherwise, an eavesdropper could fetch sensible data, such as passwords or precious content that is not for the public.") (p "The Zettelstore itself does not encrypt messages." " " "But you can put a server in front of it, which is able to handle encryption." " " "Most generic web server software do allow this.") (p "To enforce encryption, " (a (@ (href . "00001010040700")) "authenticated sessions") " are marked as secure by default." 
" " "If you still want to access the Zettelstore remotely without encryption, you must change the startup configuration." " " "Otherwise, authentication will not work.") (ul (li (a (@ (href . "00001010090100")) "Use a server for encryption"))))