Search Postgresql Archives

Re: EMBEDDED PostgreSQL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>> 2.3) Why do I need a non-administrator account to  run 
>PostgreSQL under?
>
>> Again, I think this is fine as the default, but it would be 
>nice if it 
>> could be changed with a setting (rather than recompiling the 
>source). 
>> Not all Windows users are dummies about security and need 
>PostgreSQL to 
>> enforce security measures beyond those implemented on other 
>platforms.
>
>Sorry, but any Windows user who thinks he doesn't need 
>security measures
>equivalent to (not "beyond") minimum Unix practice is a dummy about
>security.  Take a look at this LOAD vulnerability we're in the midst of
>patching, and ask yourself whether you aren't glad that it 
>can't be used
>to get admin privileges on your Windows box.
>
>(John Heasman pointed out to me off-list that the LOAD hole 
>*is* remotely
>exploitable on Windows; details left as an exercise for the reader.)

Actually, if you configure your box for high security, it's not.
Granted, not everybody does. But if you do, you're fine. It relies on
SMB connection out from your box, which can be disabled in several ways
(one of which is putting a firewall in front of your server, which
really isn't such a bad idea).

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux