Re: EMBEDDED PostgreSQL

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: John DeSoi <desoi(at)pgedit(dot)com>
Cc: Christopher Browne <cbbrowne(at)ca(dot)afilias(dot)info>, pgsql-general(at)postgresql(dot)org
Subject: Re: EMBEDDED PostgreSQL
Date: 2005-01-25 21:35:35
Message-ID: 7059.1106688935@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

John DeSoi <desoi(at)pgedit(dot)com> writes:
>> 2.3) Why do I need a non-administrator account to run PostgreSQL under?

> Again, I think this is fine as the default, but it would be nice if it
> could be changed with a setting (rather than recompiling the source).
> Not all Windows users are dummies about security and need PostgreSQL to
> enforce security measures beyond those implemented on other platforms.

Sorry, but any Windows user who thinks he doesn't need security measures
equivalent to (not "beyond") minimum Unix practice is a dummy about
security. Take a look at this LOAD vulnerability we're in the midst of
patching, and ask yourself whether you aren't glad that it can't be used
to get admin privileges on your Windows box.

(John Heasman pointed out to me off-list that the LOAD hole *is* remotely
exploitable on Windows; details left as an exercise for the reader.)

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2005-01-25 21:55:40 Re: Delete with a multi-column join?
Previous Message Tom Lane 2005-01-25 21:26:59 Re: Extended unit