Thanks. I'm not really worried about this particular vulnerability, just wondering about the more general idea that having db user name = os user could reduce your security, even if only slightly. Is it just as conceivable that a vulnerability could come along that was more exploitable only if the two names were _different_?
--
![]()
To put it another way, keeping the two sets of names distinct is incrementally more complex to manage. Which might be worth it if there really is any gain. Is this a "best practice," or is it really a manifestation of its closely-related cousin, the "silly practice?" :)
Cheers,
Ken
AGENCY Software
A Free Software data system
By and for non-profits
(253) 245-3801
learn more about AGENCY or
follow the discussion.
