How safe is GnuCash?

[Geert Janssens]

Op zaterdag 14 januari 2017 15:03:50 CET schreef Colin Law:
> On 14 January 2017 at 14:58, Securenym.net <wroberts at securenym.net> wrote:
> > And that brings up another point.  SQL databases are supposed to have
> > transaction logging as part of their rollback/recovery features.  They
> > use this to insure data integrity.  Most of these can be archived and
> > recovered for analysis.  If that is the case, and SQL is used for
> > gnucash, then Kai’s question Is gnucash safe?  can be answered with
> > confidence: Yes.  The transaction date and time of any change to the
> > database is written in the logs for any permanent table.  These log files
> > contain enough data that they can be tracked, including a sequence number
> > which will allow an auditor to investigate what changed when.  The ones
> > I’m familiar with  contain transaction id, a checksum, actual data and
> > backup information.
> > 
> > If an sql database is in use, then the database logging and auditing
> > features may very well be the key to satisfying the auditors, with the
> > exception of tying changes to the individual user, but that is easily
> > fixed with appropriate administrative controls —  knowing who has what
> > access to your systems and when. And with at least some DBMS, if the log
> > space is full to capacity, the DBMS will simply complain and not permit
> > any more transactions.
> > 
> > This may be helpful in telling the auditors that yes, gnucash, when using
> > sql is indeed safe.
> Cannot the same be said of the logs gnucash generates when used with
> the xml format?
> 
No. For the very simple reason these logs are very incomplete. They only track 
a small subset of changes one can make from within the gnucash program. 
There's a bug report for this somewhere.

Geert