Privacy

[Robert Uhl]

Bill Wisse <wiswp at niue.nu> writes:
> 
> > We've generally resisted implementing this within gnucash -- which
> > is a personal finance program,
> 
> I do not agree with that . The business options makes it a lot more
> than just personal.

Whether or not that is so is immaterial to the discussion at hand, no?

> I strongly believe that financial programs ( personal or business)
> should have an option ( for the user to decide) of a password.

Why?  What purpose does it serve?

If you wish to encrypt the file, there are many options already
available to you, ranging from filesystem-level encryption to file-level
encryption.  If you wish to simply prevent others from modifying the
file, that's available with file-level permissions.  If you wish to
prevent others from reading the file, _that's_ available with file-level
permissions.

What would adding a password buy you, other than one more password to
forget and one more part of gnucash to be maintained?

> In fact if you have a look at other ( decent) financial programs I
> doubt it if there is any without a password option.

Other programs are poorly designed; many don't use double-entry
accounting; many must run on an inherently insecure platform (i.e.,
Windows).  None of this applies to gnucash, wouldn't you agree?

> BTW why are so many people against this option?  Just give it as an
> option, what's wrong with that?

Because it's a philosophical objection (that's not the right way to do
things); because it would make gnucash more complex (and thus more
likely to be buggy); because that would mean more code to write &
maintain; because it would lead to users forgetting their passwords and
wanting a restore-without-password option, which eliminates the security
anyway; because asking the question belies a lack of understanding of
the capabilities provided by Unix and the philosophy underlying it.

A finance program's job is not to handle security; its job is to handle
finances.  The OS and various encryption programs handle
security--that's their job.  They do it well.  Why reinvent the wheel?

To ask why gnucash doesn't password 'protect' (really, application level
passwords almost never protect--they just grant a false sense of
security) it files is to ask the wrong question.  Multiple people have
proposed multiple variations on the Right Thing, which is to take
advantage of the decades-old, tried-and-true OS-level security which
Unix offers.

Now, what _would_ be cool would be a multi-user gnucash, which would
obv. necessitate building in more security.  This would be useful for a
business, or _possibly_ a family with multiple sub-accounts.

-- 
Robert Uhl <ruhl at 4dv.net>
I've seen things you people can't imagine.  Chimneysweeps on fire over
the roofs of London.  I've watched kite-strings glitter in the sun at
Hyde Park Gate.  All these things will be lost in time, like
chalk-paintings in the rain.  Time for your nap.     --Peter da Silva