On Tue, Mar 16, 2004 at 02:49:51PM +0000, Charles Goodwin was heard to remark: > Does libgsf offer encryption transparently to applications? >
Yes, this was discussed to death on the gnucash mailing lists. -- encryption is not enough if your kid can still delete your data files. The point is really access control, not encryption per se. -- one should stick to OS-provided security mechanisms for many good reasons -- yes, one could run multiple x servers on different desktops using ctrl-alt-PFn to toggle between them and use xlock on these, but this is wasteful of RAM, and is not a pretty solution for other reasons. I was hoping to not rehash those arguments. I was hoping to encourage a gnome-standardized, gnome-automated way of providing some apps with ability to prompt user for a passwd, and then do the equivalent of "xhost +; su - root; useradd otheruser; su - otheruser; export DISPLAY=:0; start_my_gnomeapp;" Yes, I could hack something up here; it would be a hack. Or I could write it up in the docs and tell everyone to RTFM. A gnome-generic, desktop-seal-of-approval way of handling this would be nicer. --linas > > On Tue, 2004-03-16 at 14:36, Linas Vepstas wrote: > > On Fri, Mar 12, 2004 at 04:03:13PM -0500, Kevin T.Broderick was heard to remark: > > > > > > As the most recent reply I've seen clearly outlined, it's quite > > > possible to create > > > a user specifically for gnucash (or perhaps gnucash and other sensitive > > > files) > > > and then su to that user (who is the only non-root user with access to > > > the files). > > > > Derek, and anyone else who is listening, the above is actually a good > > enough idea to actually consider implementing. It allows for a > > passwd-protected login to the app, and it allows the OS to handle > > all of the 'other aspects' of security. I'm cc'ing gnome-office, > > as surely this comes up often enough for other apps as well ... > > > > [background: user wants to leave a desktop perma-logged in, xlock-off, > > so wife/kids/parents can use, but wants to passwd protect or possibly > > encrypt certain things.] > -- > - Charlie > > Charles Goodwin <[EMAIL PROTECTED]> > Online @ http://www.charlietech.com -- pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <[EMAIL PROTECTED]> PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933 _______________________________________________ gnucash-devel mailing list [EMAIL PROTECTED] http://www.gnucash.org/cgi-bin/mailman/listinfo/gnucash-devel
