| From: | Jochem van Dieten <jochemd(at)oli(dot)tudelft(dot)nl> |
|---|---|
| To: | pgsql-hackers-win32(at)postgresql(dot)org |
| Subject: | Re: PgSQL not as Administrator - probs on w |
| Date: | 2004-07-09 14:50:58 |
| Message-ID: | 40EEB0D2.5040601@oli.tudelft.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers-win32 |
Merlin Moncure wrote:
> Steve Tibbett wrote:
>>
>> It is normal on Windows for users to have admin rights on the local
>> system. As much as this needs to be changed, you're not going to
>> change it. If you insist on not running on an account with admin
>> rights, you're just going to frustrate users
>>
>> You could say "Windows is inherently insecure; refusing to run". That
>> would make the port much simpler. :)
>>
>> A warning is appropriate I think.. but refusing to run is going
>> overboard. Just my two cents.
>
> I disagree completely. Opening a tcp/ip server with this level of
> complexity for root access is a recipe for disaster. Wait until an
> exploit pops up and hundreds of win32 boxes get rooted. This would be a
> huge embarrassment and would be awful press. Do you really want to
> allow for this scenario?
I'm not sure I understand the problem. Doesn't an administrative
user have sufficient priviledges to 'do the right thing' and
create a user for the PostgreSQL service? Isn't it just a matter
of wrapping the necessary commands in batchfiles with a
teletubbies icon so that the user doesn't even notice PostgreSQL
is running under another account?
The only problem I foresee is that users might find doing the
right thing too complicated. Lets focus on making it easier.
Jochem
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Meinel | 2004-07-09 15:01:41 | Re: initdb failed (terminated signal 5) |
| Previous Message | Merlin Moncure | 2004-07-09 14:36:25 | Re: PgSQL not as Administrator - probs on w |