<snip> >This has long been common practice in the Unix world, and is starting >to become standard practice in the Windows world as well as Microsoft >and other vendors work to improve the security of their systems. >== > >Again, I think this is fine as the default, but it would be nice if it >could be changed with a setting (rather than recompiling the source). That can always be argued :-) >Not all Windows users are dummies about security and need >PostgreSQL to >enforce security measures beyond those implemented on other platforms. First of all, it does *not* enforce anything beyond what's enforced on Unix. On Unix, it doesn't run as root. On Windows, it doesn't run as Administrator. If your users are running as administrators, then you *are* very naive about security on your systems (I won't say dummy, but clearly not making a significant effort). That's where you should fix the problem. For an embedded database, one can argue that it's much less of an issue. And if it was possible without making it a major hack, it would seem reasonable to permit running it as administrator as long as only localhost connections are provided (not by default, but possible. Not by default because a ASP page or whatever still turns anything into a root hole, but it could be configurable). But I don't think that can be done in a non-intrusive way. And it'd just be a workaround the real issue anyway. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
