Any interest in a "import from bank website" command?

Thu Dec 13 00:11:43 EST 2007

That's not a bad idea, but it greatly restricts my ability to add new banks
and keep existing bank import engines up to date.

As to the first point, I want to support all banks, not just the ones that
have individual open-source contributors.  By hosting it centrally, I can
add new banks "on demand" as users supply me with their login information,
rather than waiting around for somebody to submit code that I have to take
on faith works.

Which leads me to my second point: without access to the login credentials,
I've absolutely no way to test whether or not it's working, nor any way to
fix it if it isn't.  

Basically, while I love the security issues of a client-side scraping
engine, I have enough experience running and contributing to open source
projects to know that contributors come and go and the code must be testable
and fixable even if they disappear.  Client-side scraping sounds really good
in theory, but I'm afraid in practice will just result in a very high
fraction of broken import engines, reducing the overall quality of the
system beneath the threshold of utility.  

At the end of the day, this is a component of a bigger system for a userbase
having a much higher expectation of reliability -- including committed SLAs.
Thus while I respect and appreciate alternate views on this, in my case I
need to stick with a hosted solution.

The upside, of course, is once I sort out the trust issues, you can count on
expensify.com for a much broader and more reliable catalog of bank import
engines than could otherwise be feasibly obtained.

So, with all that in mind, if I were to create a "File :: Import :: Bank
Website" command that pulls through the expensify.com OFX gateway, would you
use it?  How can I satisfy your fraud concerns?  Or is the feature itself
simply not interesting?

-david

> -----Original Message-----
> From: gnucash-user-bounces at gnucash.org [mailto:gnucash-user-
> bounces at gnucash.org] On Behalf Of Andrew Sackville-West
> Sent: Wednesday, December 12, 2007 8:22 PM
> To: gnucash-user at gnucash.org
> Subject: Re: Any interest in a "import from bank website" command?
> 
> On Wed, Dec 12, 2007 at 07:02:09PM -0800, David Barrett wrote:
> > Totally fair concerns.  I'll take each in turn:
> >
> 
> snip
> 
> > - And finally, though I haven't heard any confusion on this point but I
> > realize I didn't spell it out in my original email: this feature differs
> > from the existing OFXDirectConnect/AqBanking feature in that it's much
> > simpler to set up (just your regular bank domain/username/password),
> > requires no premium banking accounts, and focuses exclusively on the
> task of
> > downloading transaction histories.  Thus if you just want to quickly
> import
> > or update your transaction history with minimal fuss, use this, but use
> > OFXDirectConnect for more powerful online banking scenarios.
> 
> why not address many of these issues by moving the screen scraping
> code off of your server and onto the user's machine? Then the user
> controls the situation the level they are comfortable (from just
> accepting it at face value to auditing the code line by line). There
> are no concerns about you being a phisher or certificate authenticity
> or giving up one's username/password to a thrid party.
> 
> A