>>> 2.3) Why do I need a non-administrator account to run >PostgreSQL under? > >> Again, I think this is fine as the default, but it would be >nice if it >> could be changed with a setting (rather than recompiling the >source). >> Not all Windows users are dummies about security and need >PostgreSQL to >> enforce security measures beyond those implemented on other >platforms. > >Sorry, but any Windows user who thinks he doesn't need >security measures >equivalent to (not "beyond") minimum Unix practice is a dummy about >security. Take a look at this LOAD vulnerability we're in the midst of >patching, and ask yourself whether you aren't glad that it >can't be used >to get admin privileges on your Windows box. > >(John Heasman pointed out to me off-list that the LOAD hole >*is* remotely >exploitable on Windows; details left as an exercise for the reader.) Actually, if you configure your box for high security, it's not. Granted, not everybody does. But if you do, you're fine. It relies on SMB connection out from your box, which can be disabled in several ways (one of which is putting a firewall in front of your server, which really isn't such a bad idea). //Magnus ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
