[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?

Kalpesh Patel kalpesh.patel at usa.net
Mon Sep 9 19:40:54 EDT 2024 

It is not true that password on a zip is very weak. It really depends on the type of algorithm you have selected to encrypt it with when you password protect it.

While I am in agreement that GnuCash is a financial tool, not a security tool, I don't think security should be overlooked. To be honest, when GNC does loading and saving of XML file in compressed format, it sort of is doing decryption and encryption, respectively, already. In order to achieve encrypted data at rest, in theory, only thing that would be needed to add would be to pipe that data stream through a library that also munges it up when saving and un-munges when loading, aka encryption/decryption engine. For other formats, like SQL backend, those system have built in capabilities to do so, so no need to do so there.

-----Original Message-----
From: David G. Pickett <dgpickett at aol.com> 
Sent: Monday, September 09, 2024 5:11 PM
To: Derek Atkins <derek at ihtfp.com>
Cc: Gnucash Users <gnucash-user at gnucash.org>
Subject: Re: [GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?

 True, but aren't security and finances inextricable intertwined these days?  You already gzip the data, so it is nicely random going into any encryption!  Sadly, I am not seeing a lot of handy tools for this.  Windows does have an encrypted file feature, but it assumes you leave the file on the local hard drive. The password on a zip is very weak, I believe.

It does save you a lot of password recovery discussions!
    On Monday, September 9, 2024 at 10:16:30 AM EDT, Derek Atkins <derek at ihtfp.com> wrote:   

 The GnuCash team, historically, have explicitly decided that GnuCash leave encryption and other password protection to external tools and NOT perform it internally.  GnuCash is a financial tool, not a security tool.

-derek

On Mon, September 9, 2024 9:59 am, David G. Pickett via gnucash-user wrote:
> The security concerns beg the question, should GnuCash files be 
> password protected by the app?  It'd slow save and open a bit, but 
> then you are less worried about the files being snooped.
>
> There are also ways to encrypt local files, and back up the encrypted 
> files to you network drive.  Just make sure you do not lose the password!
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
>


--
      Derek Atkins                617-623-3745
      derek at ihtfp.com            www.ihtfp.com
      Computer and Internet Security Consultant

More information about the gnucash-user mailing list