[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
Michael or Penny Novack
stepbystepfarm at comcast.net
Mon Sep 9 13:32:53 EDT 2024
On 9/9/2024 10:16 AM, Derek Atkins wrote:
> The GnuCash team, historically, have explicitly decided that GnuCash leave
> encryption and other password protection to external tools and NOT perform
> it internally. GnuCash is a financial tool, not a security tool.
A) Password protection IN THE APP would only provide a false sense of
security. This is OPEN SOURCE software. That means rather easy for an
attacker to compile their own version of gnucash (that ignored a wrong
password). Harder for an attacker with closed source, they would need
some special tools, but doable*.
B) The external tool/encrypted storage device done by people whose
specialty is security. One caveat --- do not trust you would have
security against a gov't. You would never know which encryption systems
they can crack (the spooks don't publish).
Michael D Novack
* In my working days, I've used a disassembler, a hex editor, and a tool
that mapped where in the code a running program was. In my case, nothing
nefarious, just things like lost source code << but it's our own
software -- need to make a change, need to recover human readable source
code so programmers can make future changes, etc. >>
More information about the gnucash-user
mailing list