For better security, maybe Joplin should add 'logout' feature, to lock access to all notes. It's not always sure that the local machine is supposed to be safe, some family members may open and randomly mess with the notes.
For example, put the menu item 'Logout' just above 'Quit' on main menu File.
Logout action may do these:
- Clear master password (to enter again)
- Quit Joplin app.
You might consider operating system level profiles too? That would also help for other apps.
Yeah i know, but just a better security feature, similar to Standard Notes auth lock.
I found out that the master password seems for encryption before saving to sync target. Even without master password, all notes are still shown when launch Joplin.
Unless the file database.sqlite is encrypted, this logout feature still doesn't ensure full security.
I'm not necessarily for or against encrypting the sqlite database (I'm also not a Dev so I don't have a say either way), but my 2 cents would be to create an additional profile(s) for such a family member(s). If the family member(s) can't be trusted to not subvert the profile security and filesystem permissions on the system, they probably shouldn't be logged into the system at all. At least until (if) such a "lock" feature is implemented.
I believe the subject of encrypting the database has been discussed extensively on this forum from what I remember if you care to dig through some of that discussion.