Re: Why running an RDBMS as a superuser is a Bad Thing

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Ian Barwick" <barwick(at)gmail(dot)com>, <pgsql-advocacy(at)postgresql(dot)org>
Subject: Re: Why running an RDBMS as a superuser is a Bad Thing
Date: 2005-02-09 10:25:20
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE47680F@algol.sollentuna.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy

> MySQL AB explains:
> http://dev.mysql.com/tech-resources/articles/securing_mysql_wi
> ndows.html#part11

Indeed. I wonder when they'll change the default.

I also wonder why the service account needs Full Control on it's own
.EXE files. That seems highly dangerous. PostgreSQL adds explicit
deny-write permissions to itself on these files ;-) And only change on
the data files, no need for full control.

You will also notice they recommend you to use NT based systems (same as
pg), use NFTS (same as pg), no remote tcpip (same as pg)... Only pg does
it by default :-)

//Magnus

Browse pgsql-advocacy by date

  From Date Subject
Next Message David Fetter 2005-02-09 16:24:00 Re: Linux World Boston
Previous Message Francois Suter 2005-02-09 08:24:06 Re: [pgsql-advocacy] Solutions Linux 2005 Paris : debriefing