Privacy

Robert Heller heller at deepsoft.com
Fri Mar 12 14:28:08 CST 2004



In message <20040312150249.X510 at gw.softwarehackery.com>, Marc Evans writes:
>
>On Fri, 12 Mar 2004, Derek Atkins wrote:
>
>> Robert Heller <heller at deepsoft.com> writes:
>>
>> > 1) The GnuCash developers are *probably* not experts at writing the
>> > security code.  This means it is likely to be either not really secure
>> > or will be flakey -- that is the 'security option' will be an illusion
>> > that does not provide any real security.
>>
>> Actually, this is untrue.  In Real Life I am a Security Guru.  In fact
>> I WROTE half of what became PGP 5.  But I agree with you that Gnucash
>> should not include this directly.
>>
>> I'll also note that this feature is only useful for XML files, WHICH
>> ARE GOING AWAY IN A FUTURE VERSION.  It's nigh impossible to
>> "encrypt" a database.
>>
>> Basically: learn to use Unix File Permissions.  They exist for a
>> REASON.  Use them.  It's not our job to deal with your laziness.
>
>While I can understand and agree with your summary, I will ask the
>question, what do you propose people do to minimize problems that could be
>caused as a result of a computer theft, such that the computer contains
>one or more gnucash databases which happen to contain sensitive
>information such as credit card numbers and other data useful for identity
>theft? My gut instinct is to lean toward an encrypted filesystem, which of
>course has performance implications. Are there other techniques that
>people are employing today to deal with this?

First of all, there is no reason (that *I* can think of) for putting
things like credit card numbers in a gnucash database.  At worst, just
the last four digits, if you really have that many credit cards that you
cannot just say 'Fleet VISA Card' or 'Bank One Master Card' or 'Gulf Oil
Card' in the description for the account.  I don't include the account
numbers for my accounts, just 'Checking Account' and 'Savings Account'. 
If I need my account number(s) they are in my wallet (eg on my checks or
on my cards).

In terms of *physical* computer theft, the main issue is going to be
*physical* security.  Some thoughts:

1) Don't put ANY personal information on a LapTop -- LapTops are too
easy to steal.

2) Desktops can be locked down (makes them rather hard to steal).  At
the very least, it is possible to 'lock' the case itself and with a BIOS
password and with the interactive boot disabled (remove the Boot: prompt
from LILO or Grub), it is not possible to get at the disk without a
valid password.

Of course, always lock your car when parking in possibly high crime type
areas.  If you live in a high crime type area, lock your doors, etc.

>
>- Marc
>_______________________________________________
>gnucash-user mailing list
>gnucash-user at lists.gnucash.org
>https://lists.gnucash.org/mailman/listinfo/gnucash-user
                                     \/
Robert Heller                        ||InterNet:   heller at cs.umass.edu
http://vis-www.cs.umass.edu/~heller  ||            heller at deepsoft.com
http://www.deepsoft.com              /\FidoNet:    1:321/153

