HBCI data structures and Gnucash

Darius Powell dariusp@ot.com.au
16 May 2002 18:21:54 +1000 

Benoit Gr=E9goire <bock@step.polymtl.ca> writes:

> > I'm currently working on a script to automatically download
> > transactions.  Currently it generates qif files for import.
> >
> > However I would like to have more direct plumbing with Gnucash instead
> > of manually importing qif files.
>=20
> I am also currently working at this stage.  I have working ofx support fo=
r=20
> pretty much the whole specification for transaction download.  I can=20
> trivially export qif files, but i don't want to use such a mediocre trans=
port=20
> format, after working so herd to support the whole spec.  However, I have=
=20
> some trouble figuring out the current qif module, as it is mostly written=
 in=20
> scheme.  I probably have to learn a little scheme if I want to understand=
=20
> what piece of code takes care of what.  Well, one way or another, I have =
to=20
> get it done in the next five weeks.

It would seem to make sense if there was a single way to get
transactions into Gnucash (or more generally speaking to perform online
banking actions) that we could both use.

How have you implemented the ofx support?  Is it part of Gnucash or is
it an external program?  What are you using the qif module for?

Five weeks?

> > It would be good if transactions were downloaded in the background at
> > scheduled times (even if Gnucash is not running).  Also the user
> > should be able to request transactions be downloaded from within
> > Gnucash.
>=20
> I am not all sure this is a good idea.  There would be pretty steep secur=
ity=20
> issues.  To download in the background at regular intervals, gnucash woul=
d=20
> have to keep the passwords necessary for access, 24h a day.  If we want t=
o=20
> run even when gnucash is not, the passwords will have to be stored on dis=
k!=20=20
> So anyone stepping in front of the computer could theorically start=20
> transferring money between accounts.  And imagine if the bank allows onli=
ne=20
> wire transfers...

Yes, there are certainly some serious security concerns here.

Of course you should be able to request a download and supply the
password which is not remembered.

As for automatic downloads the password needs to be stored somehow and
should probably be encrypted.

I haven't thought about this area in enough detail yet as it no doubt
requires a large amount of thought.

--=20
Darius Powell (dariusp@ot.com.au)