From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, ashesh(dot)vashi(at)enterprisedb(dot)com, dharmendra(dot)goyal(at)enterprisedb(dot)com, sachin(dot)srivastava(at)enterprisedb(dot)com, pgsql-hackers(at)postgresql(dot)org, craig(at)postnewspapers(dot)com(dot)au |
Subject: | Re: Minimising windows installer password confusion |
Date: | 2012-06-12 12:49:54 |
Message-ID: | CABUevEwyDO7yCWcaFqRs5rMxUCOnGZD3+qsnKCvtUtNDtUwrNQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Jun 12, 2012 at 2:48 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> On Tue, Jun 12, 2012 at 1:35 PM, Kevin Grittner
> <Kevin(dot)Grittner(at)wicourts(dot)gov> wrote:
>> Magnus Hagander wrote:
>>> Kevin Grittner wrote:
>>
>>>> Are they running the installation as a system administrator? If
>>>> so, rather than throwing up an error message and telling them to
>>>> go use other tools to reset the password, is it possible for the
>>>> administrator account to force a password change? If that is
>>>> possible, it seems like it would be a lot more friendly. If not,
>>>> perhaps the old postgres user could be renamed, and a new one
>>>> created with the password?
>>>
>>> That might break another app running nuder that account. Such as a
>>> different version of PostgreSQL...
>
> Right.
>
>>> But an option could be to create a different account to run it
>>> under, I guess... Leaving the old one where it is. I think that's
>>> better than renaming the old one, really.
>
> I'm not keen on adding additional user accounts - that's a security
> problem imho. It'll leave the unaware user with multiple accounts on
> the system, and may cause those that do understand what's going on
> pain because they'll have to deal with multiple accounts for things
> like server-side copy.
Oh, I certainly wouldn't do it without *informing* and verifying it
with the user.
> It also doesn't solve the problem during upgrades, though admittedly
> that seems to be less common.
Why do you need the account at all during upgrades? Don't you just
stop the service and replace the binaries?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2012-06-12 12:52:21 | Re: 9.2 final |
Previous Message | Dave Page | 2012-06-12 12:48:23 | Re: Minimising windows installer password confusion |