[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
R Losey
rlosey at gmail.com
Wed Sep 11 11:06:05 EDT 2024
On Wed, Sep 11, 2024 at 9:56 AM Fred Bone <Fred at mandfb.me.uk> wrote:
> On 10 September 2024 at 14:09, R Losey said:
>
> > Well, but think about it... after the password is entered, THEN what? The
> > "correct" password would have to be stored somewhere so that GnuCash
> could
> > verify what is entered is correct, and clearly saving the password in
> > clear text is not secure. Because the software is open source, anyone
> > could read the steps taken to secure the password, and that would be a
> > huge help in breaking the password.
>
> Clearly you don't know anything about how password protected files are
> handled.
>
> The password is NOT stored anywhere. It doesn't need to be. So there is
> no code taking "steps to secure the password".
>
> The program doesn't need to "verify what is entered is correct", beyond
> attempting to use it to decrypt the data. That either works or it
> doesn't.
>
It's certainly possible that Im am lacking knowledge... I was thinking of
the *nix passwords which are (used to be) stored in encrypted form in the
/etc/passwd file.
I assume that if a file is protected by a password (or encrypted, for that
matter), there must be some way of verifying that what the user enters at a
password prompt is correct. You write that they attempt to decrypt the data
-- fine, but in a file, how do they tell if a bunch of 0s and 1s have been
correctly decrypted?
--
_________________________________
Richard Losey
rlosey at gmail.com
Micah 6:8
More information about the gnucash-user
mailing list