backend encryption / security
jralls at ceridwen.us
Tue May 6 22:57:03 EDT 2014
On May 6, 2014, at 6:40 PM, Michalis Kamprianis <michalis at linuxmail.org> wrote:
> I can see in uservoice, and I think frequently asked in lists, the request for encryption or password protection of the datafile.
> Regarding database backends, I believe that database encryption should be used if required (although I understand that dbi may not be up to the task).
> Nevertheless, for xml backend, I think that I could try to implement an AES based encryption (on saving) and decryption (on opening), based on code from aescrypt.
> Aescrypt is available for unix, windows, mac, so the implementation should probably be portable across platforms. The code is some gpl and some freeware.
> Of course such a solution only protects data at rest (i.e. when data is read in memory it is not protected. Log files are not protected. User configuration files are not protected - at least initially, and so on) so it's not transforming gnucash to the most secure accounting software out there, but solves the problem with datafile misplacement or unwanted access.
> The thing is, (a) I don't know if you're interested in and/or agree with implementing something like that, and (b) although I will probably manage to code the open and save routines, I'm not sure I will not get stuck somewhere, in which case it will either remain as an unfinished project, or I will need some help from somebody more experienced.
> Your thoughts?

Why? Useful OSes already have the ability to encrypt files or filesystems on the fly, and anyway the current GnuCash design loads all of the data into RAM; there are a bunch of attacks which can exploit the RAM image.
Besides, there's no reason to believe that most accounting data in GnuCash, aside from account numbers in AQBanking, would be useful to a hacker. SOHO users are just not interesting subjects of industrial espionage, and AQBanking data is separate from GnuCash data.