mike.jacobson wrote:
Terrific! Another portable app!..but this one worries me a little...it goes like this...I really have no idea about ports, and am probably holding the wrong end of the stick here, but when I run GNUcash portable it 'requires' access to port 1060 on startup and port 1072 on closedown. If I don't give it access to this on startup, it ends with some obscure runtime error. On closedown it seems to want access to port 1072.
On starting Gnucash portable my firewall says something like
do you want the following access: GNUcash -bin.exe localhost 127.0.0.1 port 1060
..and on exit
do you want the following access: GConf -2.exe localhost 127.0.0.1 port 1072
This makes me suspicious....and probably for no good reason, so sorry if I sound distrustful, it's just that most everything else I use does not require such access. Would you care to put my mind at rest on this one? I run Windows XP Pro and an old free version of the Kerio firewall.
Mike, this is due to GnuCash using GConf for its configuration settings management. GConf is the Gnome configuration library and it utilizes TCP/IP sockets on the localhost as its chosen method of inter-process communications. I believe this is because sockets are fairly platform independent. Most Windows apps use built-in Windows interprocess communication methods (COM, OLE, DDE, etc.) since few are made to be cross-platform, thus the usual lack of warnings from your firewall for most apps. In this case the access is indeed harmless, and necessary for GnuCash to be able to access & save settings.
....and sorry to have posted in the wrong place.
-- During developmental testing I had also noted the GnuCash application needing IP/port accesses in order to function.
The pattern I observed was:
-1- 172.0.0.1 (gnucash-bin.exe)
-2- 172.0.0.1 (gconfd-2.exe)
-3- (gnucash-bin.exe)
where the ports for gnucash-bin.exe & gconfd-2.exe try to access IP 172.0.0.1 (TCP/IP local loop-back address, a.k.a. "localhost") vary with each launch of the application but always falling two port numbers apart. The lowest I detected were ports 1027/1029 and highest ports 4757/4759. The trusted DNS IP appeared to change about once or twice a day. Included in the trusted DNS IPs noted were DNS servers belonging to Google, Lavasoft, Earthlink, & McAfee. CAVEAT: not every single one noted was tracked down; tracking abandoned after sufficient numbers of well known trusted were identified to make it appear innocuous. Someone more security minded may wish to identify the entire list, check them all out, and determine specifically what GnuCash needs DNS service access for. I always tested the application while off-line, and it appeared to function O.K. in that state, hence I'm not sure of the reason for DNS access by GnuCash.
-- I did run across some issues seemingly related to interdependency conflicts with other applications that perhaps were using some of the same Java library functions. I also found some issues with strange, non-standard behavior when switching between minimized, maximized, or "restore down" window states. But I had not tracked down the specifics well enough yet to comment.
-- Now that the new version is available, I'll have to check to see what issues may yet remain and to what extent they may or may not be related specifically to the P-Apps version.
---eom
If your testing was with a version prior to 2.2.3 there were issues with GnuCash at that point incorrectly accessing outside IP addresses instead of localhost. Those issues were fixed in 2.2.3.
formerly rayven01
Above data collected from
--- v 2.2.3 (r16843 build 2008.01.08) (24 launches over 4 day period); and,
--- v 2.2.4 (r16997, build 2008.03.02) (8 launches over 4 day period).
The latter version from GnuCash_Portable_2.2.4_Development_Test_1_en-us.paf.exe
Opening ports to DNS servers would obviously appear to be related to on-line banking features that I did not try to evaluate. I've noted discussion in P-Apps fora related to on-line access, but I'm not ready to "go there" yet (if ever). The main point for me is that it appears to function well in off-line mode. It's easy enough to download data and work it in a more restricted environment.
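The check this thread turns on is whether a firewall prompt's destination really stays on the local machine. The following is an added example, not part of any post above and not GnuCash or PortableApps code: it parses prompt-style lines and separates loopback destinations from everything else. The line format, the function names `classify` and `needs_review`, and all sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed entries in the style of the firewall prompts quoted in this
# thread; the addresses and ports are sample values, not captured data.
SAMPLE_PROMPTS = [
    "gnucash-bin.exe localhost 127.0.0.1 port 1060",
    "gconfd-2.exe localhost 127.0.0.1 port 1072",
    "gnucash-bin.exe localhost 172.0.0.1 port 1027",
    "gnucash-bin.exe 192.0.2.53 port 53",  # 192.0.2.0/24 is a documentation range
]

ENTRY = re.compile(
    r"^(?P<proc>\S+)\s+(?P<label>localhost\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+port\s+(?P<port>\d+)$"
)

def classify(line):
    """Parse one prompt line; return None if it is not a valid entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # e.g. an octet above 255
        return None
    loopback = ip.is_loopback  # true only for 127.0.0.0/8
    return {
        "process": m["proc"],
        "ip": str(ip),
        "port": int(m["port"]),
        "scope": "loopback" if loopback else "non-loopback",
        # The prompt's "localhost" label is text; trust the address instead.
        "label_mismatch": bool(m["label"]) and not loopback,
        "dns": int(m["port"]) == 53,
    }

def needs_review(lines):
    """Return the parsed entries whose destination is not on the loopback."""
    parsed = (classify(line) for line in lines)
    return [e for e in parsed if e and e["scope"] == "non-loopback"]

if __name__ == "__main__":
    for entry in needs_review(SAMPLE_PROMPTS):
        print(entry)
```

Entries returned by `needs_review` are the ones worth tracing to a process and a purpose before allowing them; loopback-only entries never leave the host.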