Is GnuCash Secure?

[John Ralls]

> On May 1, 2017, at 8:31 AM, tnicolle <tnicolleca at gmail.com> wrote:
> 
> Hello,
> 
> I just came across GnuCash in my search for a personal finance program that
> is easy to use and doesn't cost a fortune. I don't need a full blown
> accounting system like a Sage product but I am tired of wasting endless
> hours with so called free software online that is neither double entry
> accounting or works.
> 
> What I am looking for in a program are the following features:
> 
> -automatic download of transactions for bank chequing, savings, investment,
> loans, lines of credit and credit card accounts - I am looking to avoid
> manual data entry.

For what value of "automatic"? GnuCash can connect to those banks and brokerages that support the OFX DirectConnect (mostly USA) or HBCI (mostly Germany) protocols, but the operation must be manually initiated and not all banks and brokerages support the required protocol.

> 
> -automatic categorization of similar transactions based on payee etc.

GnuCash is a double-entry accounting program, more like QuickBooks than Quicken. It doesn't do "categories", it uses "transfer accounts" for the same purpose.  GnuCash does have account matchers, but they are not perfect and require training. Human operation and intervention is necessary.

> 
> -ability to record transactions across liability and asset accounts so that
> everything doesn't get recorded as an income or expense item. For example, I
> have spend untold hours trying to fix messes created by Wave when transfers
> from one chequing account are treated as INCOME items on the line of credit
> with no offsetting way of recording an entry to the line of credit for the
> increase to the loan. What happens is I end up with 3 of 4 entries to what
> should be a double entry system and it is a mess.

GnuCash is a real accounting program. That's no problem.

> 
> -ability to create reports that are customized somewhat.

Customization is dependent on what you want to customize. Some amount of report customization is possible with menus. If you can program in Scheme and figure out how (the documentation is a bit thin) then you can write full-custom reports.

> 
> -ability to provide current bank and loan account balances from automatic
> download of transactions.

See above.
> 
> -ability to track both cash accounts, investment accounts from brokerage
> divisions of banks or investment houses and credit card accounts.

No problem.

> 
> -ability to track separately sales taxes both paid out and collected.

Check, just set up separate accounts. Note, however, that your bank isn't going to break out taxes for you on stuff you buy so you'll have to manually edit the transactions.

> 
> -ability to track budgeted amounts agains actual amounts on a monthly,
> quarterly and yearly basis.

There is a budget module but it seems to gather more complaint than praise. You may not be satisfied with it.

> 
> These are most of the big features I find lacking in any other one online
> program. 
> 
> The last and most important one is that the data from my banks and other
> accounts downloaded is secure and cannot be accessed.

That requirement is impossible to meet. There is no such thing as "inaccessible but still useful data". GnuCash provides no facility at all for data security. None at all. It's up to the user to provide that.

> 
> I am not a programmer so I don't really understand the concept of open
> source and what this means from a security point of view. As I do understand
> it, I believe it means that anyone can modify the source code to change it
> and that is how improvements are made. 
> 
> If this is the case, I wonder then what stops a developer from going into
> the source code and changing it with malicious intent to grant access or
> create virus problems etc.

Nothing at all. The difference is that since the source code is published other programmers can examine the code and review the changes so a malicious or erroneous change might be noticed. That's not possible with commercial software. It doesn't make open-source software immune: There are tons of security holes found in open-source software, including widely publicized security breaches to two very widely-used programs a couple of years ago. The holes weren't malicious, just dumb mistakes, but they went undetected for many years.

> 
> Anyway, I would appreciate greatly anyone's response with this and would be
> happy to clarify any questions if need be. For the record, I am trained in
> accounting and understand the accounting concepts fully.
> 
> Thanks very much and have a great day.

Regards,
John Ralls