(((meta (@ (content . "Security") (name . "title"))) (meta (@ (content . "manual") (name . "role"))) (meta (@ (content . "#configuration #manual #security #zettelstore") (name . "tags"))) (meta (@ (content . "zmk") (name . "syntax"))) (meta (@ (content . "00001000000000 00001012921200") (name . "back"))) (meta (@ (content . "00001000000000 00001004010000 00001012921200") (name . "backward"))) (meta (@ (content . "1") (name . "box-number"))) (meta (@ (content . "(c) 2020-present by Detlef Stern ") (name . "copyright"))) (meta (@ (content . "20210126175322") (name . "created"))) (meta (@ (content . "00001004010000 00001010040100 00001010040200 00001010040400 00001010040700 00001010070200 00001010070300 00001010070400 00001010070600 00001010090100 00001012000000") (name . "forward"))) (meta (@ (content . "en") (name . "lang"))) (meta (@ (content . "EUPL-1.2-or-later") (name . "license"))) (meta (@ (content . "20221018123622") (name . "modified"))) (meta (@ (content . "20221018123622") (name . "published"))) (meta (@ (content . "public") (name . "visibility")))) (p "Your" " " "zettel" " " "could" " " "contain" " " "sensitive" " " "content." " " "You" " " "probably" " " "want" " " "to" " " "ensure" " " "that" " " "only" " " "authorized" " " "person" " " "can" " " "read" " " "and/or" " " "modify" " " "them." " " "Zettelstore" " " "ensures" " " "this" " " "in" " " "various" " " "ways.") (h2 (@ (id . "local-first")) "Local" " " "first") (p "The" " " "Zettelstore" " " "is" " " "designed" " " "to" " " "run" " " "on" " " "your" " " "local" " " "computer." " " "If" " " "you" " " "do" " " "not" " " "configure" " " "it" " " "in" " " "other" " " "ways," " " "no" " " "person" " " "from" " " "another" " " "computer" " " "can" " " "connect" " " "to" " " "your" " " "Zettelstore." " " "You" " " "must" " " "explicitly" " " "configure" " " "it" " " "to" " " "allow" " " "access" " " "from" " " "other" " " "computers.") (p "In" " " "the" " " "case" " " "that" " " "you" " " "own" " " "multiple" " " "computers," " " "you" " " "do" " " "not" " " "have" " " "to" " " "access" " " "the" " " "Zettelstore" " " "remotely." " " "You" " " "could" " " "install" " " "Zettelstore" " " "on" " " "each" " " "computer" " " "and" " " "set-up" " " "some" " " "software" " " "to" " " "synchronize" " " "your" " " "zettel." " " "Since" " " "zettel" " " "are" " " "stored" " " "as" " " "ordinary" " " "files," " " "this" " " "task" " " "could" " " "be" " " "done" " " "in" " " "various" " " "ways.") (h2 (@ (id . "read-only")) "Read-only") (p "You" " " "can" " " "start" " " "the" " " "Zettelstore" " " "in" " " "an" " " "read-only" " " "mode." " " "Nobody," " " "not" " " "even" " " "you" " " "as" " " "the" " " "owner" " " "of" " " "the" " " "Zettelstore," " " "can" " " "change" " " "something" " " "via" " " "its" " " "interfaces" (sup (@ (id . "fnref:1")) (a (@ (class . "zs-noteref") (href . "#fn:1") (role . "doc-noteref")) "1")) ".") (p "You" " " "enable" " " "read-only" " " "mode" " " "through" " " "the" " " "key" " " (kbd "readonly") " " "in" " " "the" " " (a (@ (href . "00001004010000#readonly")) "startup" " " "configuration" " " "zettel") " " "or" " " "with" " " "the" " " (kbd "-r") " " "option" " " "of" " " "the" " " (code "zettelstore run") " " "sub-command.") (h2 (@ (id . "authentication")) "Authentication") (p "The" " " "Zettelstore" " " "can" " " "be" " " "configured" " " "that" " " "a" " " "user" " " "must" " " "authenticate" " " "itself" " " "to" " " "gain" " " "access" " " "to" " " "the" " " "content.") (ul (li (a (@ (href . "00001010040100")) "How" " " "to" " " "enable" " " "authentication")) (li (a (@ (href . "00001010040200")) "How" " " "to" " " "add" " " "a" " " "new" " " "user")) (li (a (@ (href . "00001010040400")) "How" " " "users" " " "are" " " "authenticated") " " "(some" " " "technical" " " "background)") (li (a (@ (href . "00001010040700")) "Authenticated" " " "sessions"))) (h2 (@ (id . "authorization")) "Authorization") (p "Once" " " "you" " " "have" " " "enabled" " " "authentication," " " "it" " " "is" " " "possible" " " "to" " " "allow" " " "others" " " "to" " " "access" " " "your" " " "Zettelstore." " " "Maybe," " " "others" " " "should" " " "be" " " "able" " " "to" " " "read" " " "some" " " "or" " " "all" " " "of" " " "your" " " "zettel." " " "Or" " " "you" " " "want" " " "to" " " "allow" " " "them" " " "to" " " "create" " " "new" " " "zettel," " " "or" " " "to" " " "change" " " "them." " " "It" " " "is" " " "up" " " "to" " " "you.") (p "If" " " "someone" " " "is" " " "authenticated" " " "as" " " "the" " " "owner" " " "of" " " "the" " " "Zettelstore" " " "(hopefully" " " "you)," " " "no" " " "restrictions" " " "apply." " " "But" " " "as" " " "an" " " "owner," " " "you" " " "can" " " "create" " " (@L (@H "“") "user" " " "zettel" (@H "”")) " " "to" " " "allow" " " "others" " " "to" " " "access" " " "your" " " "Zettelstore" " " "in" " " "various" " " "ways." " " "Even" " " "if" " " "you" " " "do" " " "not" " " "want" " " "to" " " "share" " " "your" " " "Zettelstore" " " "with" " " "other" " " "persons," " " "creating" " " "user" " " "zettel" " " "can" " " "be" " " "useful" " " "if" " " "you" " " "plan" " " "to" " " "access" " " "your" " " "Zettelstore" " " "via" " " "the" " " (a (@ (href . "00001012000000")) "API") ".") (p "Additionally," " " "you" " " "can" " " "specify" " " "that" " " "a" " " "zettel" " " "is" " " "publicly" " " "visible." " " "In" " " "this" " " "case" " " "no" " " "one" " " "has" " " "to" " " "authenticate" " " "itself" " " "to" " " "see" " " "the" " " "content" " " "of" " " "the" " " "zettel." " " "Or" " " "you" " " "can" " " "specify" " " "that" " " "a" " " "zettel" " " "is" " " "visible" " " "only" " " "to" " " "the" " " "owner." " " "In" " " "this" " " "case," " " "no" " " "authenticated" " " "user" " " "will" " " "be" " " "able" " " "to" " " "read" " " "and" " " "change" " " "that" " " "protected" " " "zettel.") (ul (li (a (@ (href . "00001010070200")) "Visibility" " " "rules" " " "for" " " "zettel")) (li (a (@ (href . "00001010070300")) "User" " " "roles") " " "define" " " "basic" " " "rights" " " "of" " " "an" " " "user") (li (a (@ (href . "00001010070400")) "Authorization" " " "and" " " "read-only" " " "mode")) (li (a (@ (href . "00001010070600")) "Access" " " "rules") " " "define" " " "the" " " "policy" " " "which" " " "user" " " "is" " " "allowed" " " "to" " " "do" " " "what" " " "operation.")) (h2 (@ (id . "encryption")) "Encryption") (p "When" " " "Zettelstore" " " "is" " " "accessed" " " "remotely," " " "the" " " "messages" " " "that" " " "are" " " "sent" " " "between" " " "Zettelstore" " " "and" " " "the" " " "client" " " "must" " " "be" " " "encrypted." " " "Otherwise," " " "an" " " "eavesdropper" " " "could" " " "fetch" " " "sensible" " " "data," " " "such" " " "as" " " "passwords" " " "or" " " "precious" " " "content" " " "that" " " "is" " " "not" " " "for" " " "the" " " "public.") (p "The" " " "Zettelstore" " " "itself" " " "does" " " "not" " " "encrypt" " " "messages." " " "But" " " "you" " " "can" " " "put" " " "a" " " "server" " " "in" " " "front" " " "of" " " "it," " " "which" " " "is" " " "able" " " "to" " " "handle" " " "encryption." " " "Most" " " "generic" " " "web" " " "server" " " "software" " " "do" " " "allow" " " "this.") (p "To" " " "enforce" " " "encryption," " " (a (@ (href . "00001010040700")) "authenticated" " " "sessions") " " "are" " " "marked" " " "as" " " "secure" " " "by" " " "default." " " "If" " " "you" " " "still" " " "want" " " "to" " " "access" " " "the" " " "Zettelstore" " " "remotely" " " "without" " " "encryption," " " "you" " " "must" " " "change" " " "the" " " "startup" " " "configuration." " " "Otherwise," " " "authentication" " " "will" " " "not" " " "work.") (ul (li (a (@ (href . "00001010090100")) "Use" " " "a" " " "server" " " "for" " " "encryption"))))