[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
David G. Pickett
dgpickett at aol.com
Tue Sep 10 17:01:36 EDT 2024
Generally when you type in a password to anything, it is stored in a variable in memory, virtual memory, possibly written to swap space, but those memory and disk spaces are protected and ephemeral, so there is no easy access to them and even then, they are hard to decipher.
In theory, one could encrypt it using a one-session generated random password just to make it hard to find in a core dump file or if someone cared to search your swap file pages. Then at write time during that same session, it can be decrypted for use. Many encryption systems actually digest the password into binary keys and discard it. I am no expert, as this is a fast evolving area.
Since we all type in passwords all day, there are industry standards one can follow on how to acquire them, store them, use them.
GnuCash might also want a password after any period of inactivity, to protect your data from house guests and the like. While PCs tend to promise this, I see them not timing out oh so often. Web sites often do this.
On Tuesday, September 10, 2024 at 03:09:24 PM EDT, R Losey <rlosey at gmail.com> wrote:
Well, but think about it... after the password is entered, THEN what? The "correct" password would have to be stored somewhere so that GnuCash could verify what is entered is correct, and clearly saving the password in clear text is not secure. Because the software is open source, anyone could read the steps taken to secure the password, and that would be a huge help in breaking the password.
On Mon, Sep 9, 2024 at 5:35 PM David G. Pickett via gnucash-user <gnucash-user at gnucash.org> wrote:
Nobody suggested putting a password in gnucash, just a pop up dialog to ask the user for it.
--
_________________________________
Richard Losey
rlosey at gmail.com
Micah 6:8
More information about the gnucash-user
mailing list