Privacy

Linas Vepstas linas at linas.org
Tue Mar 16 09:28:19 CST 2004


On Tue, Mar 16, 2004 at 02:49:51PM +0000, Charles Goodwin was heard to remark:
> Does libgsf offer encryption transparently to applications?
> 

Yes, this was discussed to death on the gnucash mailing lists. 
-- encryption is not enough if your kid can still delete your data files.
   The point is really access control, not encryption per se.
-- one should stick to OS-provided security mechanisms for many good reasons
-- yes, one could run multiple x servers on different desktops using
   ctrl-alt-PFn to toggle between them and use xlock on these,
   but this is wasteful of RAM, and is not a pretty solution for other 
   reasons.

I was hoping to not rehash those arguments.

I was hoping to encourage a gnome-standardized, gnome-automated way 
of providing some apps with ability to prompt user for a passwd, and
then do the equivalent of 
"xhost +; su - root; useradd otheruser; su - otheruser; export DISPLAY=:0; start_my_gnomeapp;" 

Yes, I could hack something up here; it would be a hack. Or I could
write it up in the docs and tell everyone to RTFM.  A gnome-generic,
desktop-seal-of-approval way of handling this would be nicer.

--linas

> 
> On Tue, 2004-03-16 at 14:36, Linas Vepstas wrote:
> > On Fri, Mar 12, 2004 at 04:03:13PM -0500, Kevin T.Broderick was heard to remark:
> > > 
> > > As the most recent reply I've seen clearly outlined, it's quite 
> > > possible to create
> > > a user specifically for gnucash (or perhaps gnucash and other sensitive 
> > > files)
> > > and then su to that user (who is the only non-root user with access to 
> > > the files).
> > 
> > Derek, and anyone else who is listening, the above is actually a good
> > enough idea to actually consider implementing.  It allows for a 
> > passwd-protected login to the app, and it allows the OS to handle
> > all of the 'other aspects' of security.  I'm cc'ing gnome-office,
> > as surely this comes up often enough for other apps as well ... 
> > 
> > [background: user wants to leave a desktop perma-logged in, xlock-off,
> > so wife/kids/parents can use, but wants to passwd protect or possibly 
> > encrypt certain things.]
> -- 
> - Charlie
> 
> Charles Goodwin <charlie at xwt.org>
> Online @ http://www.charlietech.com

-- 
pub  1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas at linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984  3F54 64A9 9A82 0104 5933
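
Added example, not part of the original message and not gnucash or GNOME code: a shell check for the dedicated-account approach discussed in this thread, refusing to launch unless the data directory is closed to everyone but that account, and granting X access to that one local user rather than using "xhost +". It assumes GNU stat, an xhost that accepts server-interpreted `SI:localuser:` entries, and a su that passes trailing arguments to the target user's shell; the function names, account and directory are hypothetical and supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat, xhost with
# server-interpreted (SI) entries, and a su that passes trailing arguments to
# the target user's shell. Account and directory names are the caller's.

# check_private_dir DIR OWNER: succeed only if DIR is a real directory owned
# by OWNER with no group/other permission bits. Deleting a file needs write
# permission on its directory, so the directory mode is what protects it.
check_private_dir() {
    cpd_dir=$1; cpd_owner=$2
    if [ -L "$cpd_dir" ] || [ ! -d "$cpd_dir" ]; then
        echo "FAIL: $cpd_dir is not a plain directory" >&2; return 1
    fi
    cpd_actual=$(stat -c %U -- "$cpd_dir") || return 1
    cpd_mode=$(stat -c %a -- "$cpd_dir") || return 1
    if [ "$cpd_actual" != "$cpd_owner" ]; then
        echo "FAIL: $cpd_dir owned by $cpd_actual, expected $cpd_owner" >&2
        return 1
    fi
    case $cpd_mode in
        *00|0) return 0 ;;   # e.g. 700: nothing for group or other
        *) echo "FAIL: $cpd_dir mode $cpd_mode is open to group/other" >&2
           return 1 ;;
    esac
}

# run_as_private_user USER DIR COMMAND [ARGS...]
# Refuses to start unless DIR passes the check, then grants X access to that
# one local account (not "xhost +", which admits every client), lets su
# prompt for the account's password, and revokes the grant afterwards.
run_as_private_user() {
    rpu_user=$1; rpu_dir=$2; shift 2
    [ -n "${DISPLAY:-}" ] || { echo "FAIL: DISPLAY is not set" >&2; return 1; }
    check_private_dir "$rpu_dir" "$rpu_user" || return 1
    xhost "+SI:localuser:$rpu_user" >/dev/null || return 1
    rpu_status=0
    su - "$rpu_user" -c 'DISPLAY=$1; export DISPLAY; shift; exec "$@"' \
        sh "$DISPLAY" "$@" || rpu_status=$?
    xhost "-SI:localuser:$rpu_user" >/dev/null
    return "$rpu_status"
}
```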

