fz0x1/jrnl
1
0
Fork 0
mirror of https://github.com/jrnl-org/jrnl.git synced 2025-06-28 05:26:13 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add documentation about information leaks in Vim/Neovim (#1674)

Browse source 
* Add documentation about using Vim/Neovim as editor
* Add documentation about information leaks in editors
* Spelling fix

---------

Co-authored-by: Jonathan Wren <jonathan@nowandwren.com>
This commit is contained in:
David Isaksson 2023-02-11 21:16:31 +01:00 committed by GitHub
parent 6b179e673b
commit 6c6937c507
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 92 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

78
docs/privacy-and-security.md
View file

@ -67,6 +67,84 @@ Windows doesn't log history to disk, but it does keep it in your command prompt
session. Close the command prompt or press `Alt`+`F7` to clear your history
after journaling.
## Editor history
Some editors keep usage history stored on disk for future use. This can be a
security risk in the sense that sensitive information can leak via recent
search patterns or editor commands.
### Vim
Vim stores progress data in a so called Viminfo file located at `~/.viminfo`
which contains all sorts of user data including command line history, search
string history, search/substitute patterns, contents of register etc. Also to
be able to recover opened files after an unexpected application close Vim uses
swap files.
These options as well as other leaky features can be disabled by setting the
`editor` key in the Jrnl settings like this:
``` yaml
editor: "vim -c 'set viminfo= noswapfile noundofile nobackup nowritebackup noshelltemp history=0 nomodeline secure'"
```
To disable all plugins and custom configurations and start Vim with the default
configuration `-u NONE` can be passed on the command line as well. This will
ensure that any rogue plugins or other difficult to catch information leaks are
eliminated. The downside to this is that the editor experience will decrease
quite a bit.
To instead let Vim automatically detect when a Jrnl file is being edited an
autocommand can be used. Place this in your `~/.vimrc`:
``` vim
autocmd BufNewFile,BufReadPre *.jrnl setlocal viminfo= noswapfile noundofile nobackup nowritebackup noshelltemp history=0 nomodeline secure
```
Please see `:h <option>` in Vim for more information about the options mentioned.
### Neovim
Neovim strives to be mostly compatible with Vim and has therefore similar
functionality as Vim. One difference in Neovim is that the Viminfo file is
instead called the ShaDa ("shared data") file which resides in
`~/.local/state/nvim` (`~/.local/share/nvim` pre Neovim v0.8.0). The ShaDa file
can be disabled in the same way as for Vim.
``` yaml
editor: "nvim -c 'set shada= noswapfile noundofile nobackup nowritebackup noshelltemp history=0 nomodeline secure'"
```
`-u NONE` can be passed here as well to start a session with the default configs.
As for Vim above we can create an autocommand in Vimscript:
``` vim
autocmd BufNewFile,BufReadPre *.jrnl setlocal shada= noswapfile noundofile nobackup nowritebackup noshelltemp history=0 nomodeline secure
```
or the same but in Lua:
``` lua
vim.api.nvim_create_autocmd( {"BufNewFile","BufReadPre" }, {
group = vim.api.nvim_create_augroup("PrivateJrnl", {}),
pattern = "*.jrnl",
callback = function()
vim.o.shada = ""
vim.o.swapfile = false
vim.o.undofile = false
vim.o.backup = false
vim.o.writebackup = false
vim.o.shelltemp = false
vim.o.history = 0
vim.o.modeline = false
vim.o.secure = true
end,
})
```
Please see `:h <option>` in Neovim for more information about the options mentioned.
## Files in transit from editor to jrnl
When creating or editing an entry, `jrnl` uses a unencrypted temporary file on