| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Chad N(dot) Tindel" <chad(at)tindel(dot)net> |
| Cc: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Re: Mysql -> Postgresql pitfalls |
| Date: | 2003-08-03 17:03:44 |
| Message-ID: | 28368.1059930224@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
"Chad N. Tindel" <chad(at)tindel(dot)net> writes:
>> If someone roots your box, it's not our fault. Simple as that.
> I didn't say "require them to run as a non-root user". I said "Give them
> the choice to decide what is correct for their environment". In the case
> of apache, there are many internal webservers that are not exposed to the
> threat of the public internet; for such servers, it may be appropriate to run
> apache as root because it simplifies the administration and automation of
> tasks. But to do so, one has to know how to re-compile apache, which will
> exclude a lot of your basic garden variety administrators. Its very
> un-friendly programming.
If they don't know how to recompile apache, what are the odds that they
are truly competent to decide that they can safely run it as root?
Semi-competent people administering servers are the Achilles heel of the
internet already. We are doing them a favor, not creating a problem,
by preventing them from adopting insecure practices.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Barwick | 2003-08-03 18:19:57 | Re: Mysql -> Postgresql pitfalls |
| Previous Message | Roberto Mello | 2003-08-02 21:21:17 | Re: Mysql -> Postgresql pitfalls |