Privacy

Robert Heller heller at deepsoft.com
Fri Mar 12 13:33:49 CST 2004 


In message <200403120803.52221.wiswp at niue.nu>, Bill Wisse writes:
>On Thursday 11 March 2004 01:48, Josh Sled wrote:
>> On Wed, 2004-03-10 at 22:21, Jim Woodruff wrote:
>> > My computer is accessed by the entire family and my kids friends.
>> > Is there a way to password gnucash or its data files? I've searched
>> > the help files and man pages without success.
>>
>> Other options are:
>
>> We've generally resisted implementing this within gnucash -- which is a
>> personal finance program,
>
>I do not agree with that . The business options makes it a lot more than just 
>personal.
>
>> and not a security tool.
>
>We are not asking for a security tool only for a security option.
>I strongly believe that financial programs ( personal or business) should have
> 
>an option ( for the user to decide) of a password.
>In fact if you have a look at other ( decent) financial programs I doubt it if
> 
>there is any without a password option.
>
>BTW why are so many people against this option? Just give it as an option, 
>what's wrong with that?

The problem is that it would be a false option.  Yes, I know that this
sort of option is available with other 'decent' (?) financial programs,
most likely under MS-Windows or MacOS, neither of which have much O/S
security, at least with 'traditional' versions -- pre NT-based
MS-Windows and MacOS < System 10 (MacOSX).  Under Linux/UNIX, this
sort of option is generally unneeded, because the O/S already provides
this security option, either via the base level password/account system
and existing file permissions OR with separate utilities, such as
OpenPGP.

The 'Linux/UNIX' philosophy in this situation is a 'division of labor'
solution: the GnuCash developers would just as soon let the Linux/UNIX
security gurus deal with things like PAM and OpenPGP and file system
permissions, etc. and *concentrate* on writing a really good financial
program.

Adding a 'security option' to GnuCash does several 'bad' things, which
will not really give you any added security:

1) The GnuCash developers are *probably* not experts at writing the
security code.  This means it is likely to be either not really secure
or will be flakey -- that is the 'security option' will be an illusion
that does not provide any real security.

2) It will mean that other (more important) issues with GnuCash won't
get addressed.  Your file will be secure (maybe) but you won't be able to
correctly deal with bi-weekly scheduled transactions or something.

Yes, the security option could just be an additional shell script that
uses the OpenPGP file encryption utility.  This would have other
effects, such as 'silly' dependencies for RPM or apt_get (which would
annoy some users) and might have odd version mis-match issues (which
could result in complete loss of data for other users).

Note that the above issues affect your so-called 'decent' financial
programs as well: I wonder what features are missing or bugs exist in
Quicken or QuickBooks because the developers spent time and energy on
some sort of (possibly marginal) 'password protection' hack instead of
addressing other issues. Of course, with MS-Windows, the 'password
protection' is needed, since the OS / File System does not really
provide any sort of proper security. Nor does the O/S allow for a
secondary user to log in with a fresh desktop while preserving an
existing user's desktop environment.  And I wonder just how good their
encryption really is...  Of course, all it takes is a really dumb
password to make the whole exercise pointless.

>-- 
>Greetings from
>
>/bill at 169 west , 19 south.  
>
>Disclaimer: Any errors in spelling, tact, or fact are
>transmission errors."
>
>     
>
>_______________________________________________
>gnucash-user mailing list
>gnucash-user at lists.gnucash.org
>https://lists.gnucash.org/mailman/listinfo/gnucash-user
                                     \/
Robert Heller                        ||InterNet:   heller at cs.umass.edu
http://vis-www.cs.umass.edu/~heller  ||            heller at deepsoft.com
http://www.deepsoft.com              /\FidoNet:    1:321/153

More information about the gnucash-user mailing list