How safe is GnuCash?

Securenym.net wroberts at securenym.net
Sat Jan 14 09:58:06 EST 2017


And that brings up another point. SQL databases are supposed to have transaction logging as part of their rollback/recovery features. They use this to ensure data integrity. Most of these can be archived and recovered for analysis. If that is the case, and SQL is used for gnucash, then Kai’s question, "Is gnucash safe?", can be answered with confidence: Yes. The transaction date and time of any change to the database is written in the logs for any permanent table. These log files contain enough data that they can be tracked, including a sequence number which will allow an auditor to investigate what changed when. The ones I’m familiar with contain transaction id, a checksum, actual data and backup information.

If an SQL database is in use, then the database logging and auditing features may very well be the key to satisfying the auditors, with the exception of tying changes to the individual user, but that is easily fixed with appropriate administrative controls — knowing who has what access to your systems and when. And with at least some DBMS, if the log space is full to capacity, the DBMS will simply complain and not permit any more transactions.

This may be helpful in telling the auditors that yes, gnucash, when using SQL, is indeed safe.

Walt
> On Jan 14, 2017, at 8:10 AM, Mike or Penny Novack <mpnovack at mtdata.com> wrote:
> 
> On 1/14/2017 1:59 AM, Dean Gibson wrote:
>> I don't want to start another discussion about the data store being SQL-based, but it certainly makes external auditing easier, I'd think.
>> 
>> A thought I've had reading all this is if gnucash could package each year's data into a separate file, and then read them as necessary to view (or possibly change) older data.  Properly done:
>> 
>> 1. This would help performance.
>> 2. The older files, once audited, could be securely backed up
>>   separately, and then compared as needed to their peers still in
>>   use.  It would make detecting prior year changes trivial.
>> 
>> Secure backups, once audited, are a key component of the idea, it seems to me.
>> 
> It can. Actually you don't need gnucash to produce the copy of the YE file. Let me ask you a question. You DO make backups, yes? You know how you would make more than one copy of a backup, yes? How to burn that onto medium that once done cannot be altered, yes?
> 
> While I haven't ever worked with "mini" SQL,  (I did mainframe SQL; DB2 utilities) I am sure there is a way to backup/restore them. BTW, even here there are chances to "mess" with the data. I once had occasion to change an SQL database by making  a backup, modifying the backup, and then restoring from that  << mass entering of test data into a test database for a new system rather than having scads of humans hand enter this data row by row --- we are talking about LOTS of rows >> So even here, be not too trustful unless the data has been PHYSICALLY out of reach.
> 
> Michael
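
Dean's point about comparing audited prior-year data with the book still in use, as an added example that is not part of the original thread and is not GnuCash code: it diffs one closed year between an audited snapshot and the live database, and computes a digest to record at audit time so the snapshot itself can be checked later. The `tx` table, its columns and the sample rows are constructed assumptions, not GnuCash's actual schema.

```python
import hashlib
import sqlite3

# Constructed, simplified schema (an assumption, not GnuCash's real tables).
SCHEMA = ("CREATE TABLE tx (guid TEXT PRIMARY KEY, post_date TEXT, "
          "description TEXT, amount_cents INTEGER)")

def make_book(rows):
    """Build an in-memory book from constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO tx VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db

def year_rows(db, year):
    """Return {guid: row} for transactions posted in `year`, in guid order."""
    cur = db.execute(
        "SELECT guid, post_date, description, amount_cents FROM tx "
        "WHERE post_date >= ? AND post_date < ? ORDER BY guid",
        (f"{year}-01-01", f"{year + 1}-01-01"))
    return {r[0]: r for r in cur}

def year_digest(db, year):
    """SHA-256 over the year's rows; store it away from the database host."""
    h = hashlib.sha256()
    for row in year_rows(db, year).values():
        h.update(repr(row).encode("utf-8"))
    return h.hexdigest()

def prior_year_changes(audited, live, year):
    """Report rows of a closed year that differ from the audited snapshot."""
    old, new = year_rows(audited, year), year_rows(live, year)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(g for g in old.keys() & new.keys() if old[g] != new[g]),
    }

# Constructed sample data: the 2015 book as audited, and the live book later.
AUDITED_2015 = [("a1", "2015-03-02", "Rent", -120000),
                ("a2", "2015-06-15", "Invoice 17", 450000),
                ("a3", "2015-11-30", "Supplies", -8250)]
LIVE = [("a1", "2015-03-02", "Rent", -120000),
        ("a2", "2015-06-15", "Invoice 17", 405000),  # amount altered after audit
        ("a4", "2015-12-31", "Late entry", -5000),   # inserted after audit
        ("b1", "2016-01-04", "Rent", -120000)]       # current year, ignored

if __name__ == "__main__":
    audited, live = make_book(AUDITED_2015), make_book(LIVE)
    print(prior_year_changes(audited, live, 2015))
```

The comparison is only as trustworthy as the snapshot: recomputing `year_digest` on the snapshot and matching it against the value recorded at audit time is what detects a backup that was modified and restored, as Michael describes.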


