How safe is GnuCash?
Geert Janssens
geert.gnucash at kobaltwit.be
Sat Jan 14 10:25:12 EST 2017
Op zaterdag 14 januari 2017 15:03:50 CET schreef Colin Law:
> On 14 January 2017 at 14:58, Securenym.net <wroberts at securenym.net> wrote:
> > And that brings up another point. SQL databases are supposed to have
> > transaction logging as part of their rollback/recovery features. They
> > use this to insure data integrity. Most of these can be archived and
> > recovered for analysis. If that is the case, and SQL is used for
> > gnucash, then Kai’s question Is gnucash safe? can be answered with
> > confidence: Yes. The transaction date and time of any change to the
> > database is written in the logs for any permanent table. These log files
> > contain enough data that they can be tracked, including a sequence number
> > which will allow an auditor to investigate what changed when. The ones
> > I’m familiar with contain transaction id, a checksum, actual data and
> > backup information.
> >
> > If an sql database is in use, then the database logging and auditing
> > features may very well be the key to satisfying the auditors, with the
> > exception of tying changes to the individual user, but that is easily
> > fixed with appropriate administrative controls — knowing who has what
> > access to your systems and when. And with at least some DBMS, if the log
> > space is full to capacity, the DBMS will simply complain and not permit
> > any more transactions.
> >
> > This may be helpful in telling the auditors that yes, gnucash, when using
> > sql is indeed safe.
> Cannot the same be said of the logs gnucash generates when used with
> the xml format?
>
No. For the very simple reason these logs are very incomplete. They only track
a small subset of changes one can make from within the gnucash program.
There's a bug report for this somewhere.
Geert
More information about the gnucash-user
mailing list