How safe is GnuCash?

[Colin Law]

On 14 January 2017 at 14:58, Securenym.net <wroberts at securenym.net> wrote:
> And that brings up another point.  SQL databases are supposed to have transaction logging as part of their rollback/recovery features.  They use this to insure data integrity.  Most of these can be archived and recovered for analysis.  If that is the case, and SQL is used for gnucash, then Kai’s question Is gnucash safe?  can be answered with confidence: Yes.  The transaction date and time of any change to the database is written in the logs for any permanent table.  These log files contain enough data that they can be tracked, including a sequence number which will allow an auditor to investigate what changed when.  The ones I’m familiar with  contain transaction id, a checksum, actual data and backup information.
>
> If an sql database is in use, then the database logging and auditing features may very well be the key to satisfying the auditors, with the exception of tying changes to the individual user, but that is easily fixed with appropriate administrative controls —  knowing who has what access to your systems and when. And with at least some DBMS, if the log space is full to capacity, the DBMS will simply complain and not permit any more transactions.
>
> This may be helpful in telling the auditors that yes, gnucash, when using sql is indeed safe.

Cannot the same be said of the logs gnucash generates when used with
the xml format?

Colin