Privacy

[Robert Heller]

In message <sjmoer2auyx.fsf at dogbert.ihtfp.org>, Derek Atkins writes:
>Bill Wisse <wiswp at niue.nu> writes:
>
>> This is a possible way of working but I agree with OP.
>> Gnucash should be password protected. I'm using GC for almost 2 years now an
>d 
>> I always wondered why this is not possible.
>> IANAP but it must be easy to do this? Derek?
>
>As Josh said, GnuCash is a financial app, not a security program.
>If you want encrypted data, use an OpenPGP product (e.g. gpg) to
>encrypt/decrypt your data and wipe your backup files.
>
>We had discussed this in the past, but frankly anything GnuCash could
>do would just be "security through obscurity" or we'd get tons of
>calls from users saying they forgot their passwords.
>
>So, we leave it up to the user.
>
>We have no plans to add a "password" to gnucash files.  You can do
>that yourself (and indeed SHOULD do it yourself) with file permissions.

Right. This cannot be overstressed.  One of the *BIG* wins to using an
operating system like Linux (really ANY UNIX or UNIX-ish operating
system) is the fact that it does provide all of this as a matter of
course.  *Proper* use of Linux (UNIX) accounts, groups, and file
permissions generally removes the need for most reasons for *individual*
applications to bother with any sort of self-provided 'encryption' for
their various data files.  A 'family' Linux machine *should* be setup
with separate accounts for the parents, children, and other friends and
relatives.  *If* I were setting up such a machine, I would create a
separate group for the parents (since it does make sense for things like
joint checking accounts and the like), a *separate* group for the
children, and yet another group (or groups) for other people.

The only need you would really every have to specificly encrypt a
GnuCash data file would be when you are transfering it over some sort of
unsecure means.  Such as putting the file on a floppy disk (using a FAT
file system), say when you make a backup copy to give to your accountant
or tax preparer, etc.  In which case there are several utilities
available that do this, such as OpenPGP, that are in fact mainly
designed for just this sort of situation.  Of course, there is *Nothing*
stopping the truly paranoid from using OpenPGP to encrypt their data
files if they so desire, even when it is probably overkill.

>
>-derek
>-- 
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord at MIT.EDU                        PGP key available
>_______________________________________________
>gnucash-user mailing list
>gnucash-user at lists.gnucash.org
>https://lists.gnucash.org/mailman/listinfo/gnucash-user
                                     \/
Robert Heller                        ||InterNet:   heller at cs.umass.edu
http://vis-www.cs.umass.edu/~heller  ||            heller at deepsoft.com
http://www.deepsoft.com              /\FidoNet:    1:321/153