Privacy

Lindenaar, D.J.W. D.J.W.Lindenaar at student.tue.nl
Fri Mar 12 14:04:33 CST 2004 

This is all very interesting. The whole idea behind this linux (unix)
philosophy is very well thought out and I wouldn't try and burn my
fingers trying to change peoples mind about this. It's the simple truth
that security experts should write security and accounting experts
should write accounting software. 

So, what is there to be done. Simply make sure that everyone understands
the way to go. The whole linux security is based on the idea that every
user has his own account and there is no sharing done. Well the problem
now is that someone is using his linux box in a Microsoft-like way,
thereby degrading inherent security of the linux-system. What he wants
is to secure _just_ his gnucash bookkeeping. The solution is already
given so I'll just try to show how it could be done. 

1. create a user (probably 'bookkeeper' or something)
2. move all bookkeeping info from the default user's home to
bookkeepers' home.
3. tell KDE or GNOME to run gnucash as a different user (being
'bookkeeper') or change the command from /usr/bin/gnucash to su
bookkeeper -c /usr/bin/gnucash.

Like this it can be done. The OS asks the password for 'bookkeeper' and
if correct fires up gnucash. If your son starts gnucash he doesn't know
the password and so can't start gnucash nor can he delete the
accountfile or anything.

This is the way it is done the linux-way. It is pretty much exactly the
same thing a MS-money would seem to do it except that the nice work done
by the linux-kernel-team is probably much more secure than some hack by
the accounting programmers.


Greetings Daniel.

-----Original Message-----
From: gnucash-user-bounces at lists.gnucash.org
[mailto:gnucash-user-bounces at lists.gnucash.org] On Behalf Of Robert Uhl
Sent: vrijdag 12 maart 2004 20:44
To: gnucash-user at gnucash.org
Subject: Re: Privacy

Bill Wisse <wiswp at niue.nu> writes:
> 
> > We've generally resisted implementing this within gnucash -- which
> > is a personal finance program,
> 
> I do not agree with that . The business options makes it a lot more
> than just personal.

Whether or not that is so is immaterial to the discussion at hand, no?

> I strongly believe that financial programs ( personal or business)
> should have an option ( for the user to decide) of a password.

Why?  What purpose does it serve?

If you wish to encrypt the file, there are many options already
available to you, ranging from filesystem-level encryption to file-level
encryption.  If you wish to simply prevent others from modifying the
file, that's available with file-level permissions.  If you wish to
prevent others from reading the file, _that's_ available with file-level
permissions.

What would adding a password buy you, other than one more password to
forget and one more part of gnucash to be maintained?

> In fact if you have a look at other ( decent) financial programs I
> doubt it if there is any without a password option.

Other programs are poorly designed; many don't use double-entry
accounting; many must run on an inherently insecure platform (i.e.,
Windows).  None of this applies to gnucash, wouldn't you agree?

> BTW why are so many people against this option?  Just give it as an
> option, what's wrong with that?

Because it's a philosophical objection (that's not the right way to do
things); because it would make gnucash more complex (and thus more
likely to be buggy); because that would mean more code to write &
maintain; because it would lead to users forgetting their passwords and
wanting a restore-without-password option, which eliminates the security
anyway; because asking the question belies a lack of understanding of
the capabilities provided by Unix and the philosophy underlying it.

A finance program's job is not to handle security; its job is to handle
finances.  The OS and various encryption programs handle
security--that's their job.  They do it well.  Why reinvent the wheel?

To ask why gnucash doesn't password 'protect' (really, application level
passwords almost never protect--they just grant a false sense of
security) it files is to ask the wrong question.  Multiple people have
proposed multiple variations on the Right Thing, which is to take
advantage of the decades-old, tried-and-true OS-level security which
Unix offers.

Now, what _would_ be cool would be a multi-user gnucash, which would
obv. necessitate building in more security.  This would be useful for a
business, or _possibly_ a family with multiple sub-accounts.

-- 
Robert Uhl <ruhl at 4dv.net>
I've seen things you people can't imagine.  Chimneysweeps on fire over
the roofs of London.  I've watched kite-strings glitter in the sun at
Hyde Park Gate.  All these things will be lost in time, like
chalk-paintings in the rain.  Time for your nap.     --Peter da Silva
_______________________________________________
gnucash-user mailing list
gnucash-user at lists.gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-user

More information about the gnucash-user mailing list