John DeSoi <desoi@xxxxxxxxxx> writes: >> 2.3) Why do I need a non-administrator account to run PostgreSQL under? > Again, I think this is fine as the default, but it would be nice if it > could be changed with a setting (rather than recompiling the source). > Not all Windows users are dummies about security and need PostgreSQL to > enforce security measures beyond those implemented on other platforms. Sorry, but any Windows user who thinks he doesn't need security measures equivalent to (not "beyond") minimum Unix practice is a dummy about security. Take a look at this LOAD vulnerability we're in the midst of patching, and ask yourself whether you aren't glad that it can't be used to get admin privileges on your Windows box. (John Heasman pointed out to me off-list that the LOAD hole *is* remotely exploitable on Windows; details left as an exercise for the reader.) regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to majordomo@xxxxxxxxxxxxxx
