Authentication in GNUCash
Mike or Penny Novack
stepbystepfarm at mtdata.com
Sun May 16 07:19:52 EDT 2010
>Hi
> I am using GNUCash for the last 1 month. I am surprised by the fact that
>there is no initial authentication when I open GNUCash. All my accounts are
>visible right after opening GNUCash. I went through the mailing lists and
>could find info only about encrypting the data. Is there no simple
>'Username', 'Password' authentication mechanism in GNUCash?
>
>Regards
>Shenbaga Kumar
>
>
The reason is that an "authentication process" such as you describe
(username + password) would provide only the illusion of security. The
GnuCash developers know how they could easily get around that and that
if you need security ......
1) Should be done at the operating system level
2) Only encryption can provide security against even modestly
sophisticated attack
Yes, what you describe is provided in many commercial alternatives, but
keep in mind that the goal there is to sell the consumer what the
consumer believes he or she wants even if of no actual use whatsoever.
The GnuCash developers have no such interest.
For example, look at #1. You worry that a hostile user of your computer
could look at your GnuCash user data without knowing a username and
password? Why should they be able to see ANY of your user data without
knowing your main log in user ID and password. Does your operating
system not provide for that? Or more likely, it does (did) but you chose
to have your log in account set up so that you didn't have to enter a
password.
The reason for #2 is that it is normally rather easy for a hostile user
who has physical access to your computer to bring the machine up under
the operating system of his or her choice (and so #1 doesn't provide as
much security as you think it might)
Michael D Novack
More information about the gnucash-user
mailing list