Privacy and passwords

Mike or Penny Novack stepbystepfarm at mtdata.com
Wed Mar 5 08:02:47 EST 2008


Davey,

    We do hear you, but please take another look at what you are saying, 
because "security" isn't just about what is implemented in software but 
also procedures. The best security software in the world if used with 
improper/insecure procedures.

>My point was that pointing out what people "should" be doing or what
>is "the wrong way" to use your computer isn't very helpful when in the
>real world most people don't have separate accounts for each user.
>That's a simple fact, the fact that you don't agree with it doesn't
>change that. The majority of home users trade a certain amount of
>security for convenience, and not having to log off and log on again
>within the confines of your own home is one of those conveniences.
>  
>
    Yes indeed, but that is IDENTICAL (in terms of procedure) to the 
question of whether they have separate GnuCash passwords, no? In other 
words, if you can't be troubled to have a separate OS password from 
other family members and guests, why should we developers imagine that 
you would choose to have a separate GnuCash password?

>Again, I know a simple password would not provide a high degree of
>security, but it *would* be enough to deter most casual passers by,
>including family members. I keep my personal diary in a drawer in my
>house with a simple lock. It could easily be picked with just a
>hairpin, but I know that this minimal amount of security makes a
>huge difference compared to me leaving it out on the desk where
>curiosity may well prove too tempting for anyone who walks by.
>  
>
    So in effect you are asking to be provided with a lock/key for THIS 
drawer in addition to the lock/key that already exists on every drawer 
in your house (including this one) should you bother to turn the key in 
the lock. It is the pre-existence of the all-drawer locks that makes 
what you ask low priority. You tell us that you aren't bothered to use 
the locks that exist so why should we think you'd use this one?

    That is why my original response was geared to a more sensible 
version of what you asked. I was responding to what were the problems of 
providing security under the condition that other users of the system 
had sysadmin rights --- in which case the fact that you all had your 
own system logins wouldn't help as a sysadmin can look at any data on 
the system (and by inserting a "live OS" CD, anybody who can change the 
boot sequence to come up from that can be a sysadmin). I was trying to 
explain that providing security under this condition would be much more 
difficult (except via encryption). It redefines "casual" or "lying on 
the desk".

    So yes, I could envision password protection that could hold up 
against people who although they had sysadmin rights nevertheless could 
not write software (create their own modified version of a program) 
under the assumption that they could not find somebody else to give them 
such software -- as sysadmins they can install software. This could be 
done but would be a substantial effort because it's not the program that needs 
password protection (these users can run the program under their own 
passwords but your data) but the DATA. That means a new data format 
(slightly) that cannot be read by old versions of the program (not 
forward compatible) but naturally the new program has to be backward 
compatible, able to read old data too. A lot of effort for a small gain 
in security (because almost surely it would not be all that hard to 
obtain a copy of the special spy software "read GnuCash data in spite of 
the password lock" --- a minor modification of the regular program). As 
easy and far more secure would be to incorporate encryption.

Michael


More information about the gnucash-user mailing list