No, the web library almost certainly won't support we fav -- it would essentially require Zotero to store 3rd party login information which I don't think is going to happen
@adamsmith Oh, I see, but why you need to store them? Consider WebDAV is the thing that we only need to use on the client side, so I think we can: - Simply store them via cookies, not quite safe, but I won't care, consider mine WebDAV is only connectable if private VPN is connected. - Or store the encrypted data and provide the private key to user, ask them to store the key safely (doesn't matter if it will be lost, user can just regenerate it, consider we do have WebDAV config info all along the time), while using WebDAV, only decode on client side with user's key (user can choose to store the key in cookies or let Zotero require to enter the key everytime, key can be saved into password management softwares which should have auto typing feature, so the everytime requiring thing can also be fine)
BTW, If you can't support it on the official web site, will it be possible to let users setup their own web library via open-source code just like calibre-web project (maybe via dataserver and web-library repo)? Thanks.
Yeah, all of these are hacks with significant downsides -- telling users "don't worry, we'll just store plain text credentials in a cookie, what's the worst that could happen" is most certainly not an approach Zotero could ethically take.
will it be possible to let users setup their own web library via open-source code just like calibre-web project (maybe via dataserver and web-library repo)? Thanks.
As you seem to be aware, the web library is open source: https://github.com/zotero/web-library and you can absolutely run your own version, without the need for running the (more complex) dataserver. The web library runs entirely off the API.
We just can't have a perfect plan for satisfying both security and convenience, since we have to retrieve plain identification info on the client side, but won't it be similar to Zotero desktop? Consider it will also store plain password locally with Mozilla login manager, for browser, we do will meet more attacks such like XSS, CSRF, etc., but if user do meet such attacks, your site user cookies will also be leaked. However its definitely not a cool thing to store plain password in anywhere, I do prefer the second solution, and store the encrypted data in cookies or local store, besides the password manager softwares, I forgot that browser itself also have such feature(even though I choose to not use it), so it won't quite be so inconvenience. Besides I will check the open source repo to see if I can use it to setup my own web library via WebDAV, thanks for your reply!
@dstillman Sorry, I expected that to be just a simple inquiry and did not anticipate so much back-and-forth, and I am considering to create a new thread for continuing the discussion, and you just helped me to transfer and create a new post, so thanks!
> If you want to access files via the web library, you'll need to use Zotero Storage. The things you're suggesting are not real options.
A bad news, looks like I just can't read my WebDAV managed ebooks on my Kindle devices, I think I should consider replacing its OS by Android :)
Upgrade Storage
- Simply store them via cookies, not quite safe, but I won't care, consider mine WebDAV is only connectable if private VPN is connected.
- Or store the encrypted data and provide the private key to user, ask them to store the key safely (doesn't matter if it will be lost, user can just regenerate it, consider we do have WebDAV config info all along the time), while using WebDAV, only decode on client side with user's key (user can choose to store the key in cookies or let Zotero require to enter the key everytime, key can be saved into password management softwares which should have auto typing feature, so the everytime requiring thing can also be fine)
BTW, If you can't support it on the official web site, will it be possible to let users setup their own web library via open-source code just like calibre-web project (maybe via dataserver and web-library repo)? Thanks.
Besides I will check the open source repo to see if I can use it to setup my own web library via WebDAV, thanks for your reply!
If you want to access files via the web library, you'll need to use Zotero Storage. The things you're suggesting are not real options.
> If you want to access files via the web library, you'll need to use Zotero Storage. The things you're suggesting are not real options.
A bad news, looks like I just can't read my WebDAV managed ebooks on my Kindle devices, I think I should consider replacing its OS by Android :)