Andreas Pflug wrote:
> Darko Prenosil wrote:
>
>>> Want to limit the success of native? Surefire way to do it.
>>>
>>> I am not in the community and don't want my first comment to be
>>> bitching,
>>> but maybe you can bring that up for me?
>>>
>>
>>
>> It seems that the 'linux' way 'scares' some win users :-(
>>
>>
>
> In the win32 user's sight, the current implementation is very
> dogmatic. While there *has* to be some dogmatism about security, IMHO
> in the case of account to run pgsql on this is up to the
> administrator, not us. We should recommend using a separate user,
> support it in the installer by default as comfortable as possible, but
> enforcing it is regarded as non-native and thus suspicious in the
> win32 world.
>
> Running as admin is so common for Windows, you'd never see complaints
> about that aspect. Even programs *requiring* admin rights are widely
> accepted (with some minor grumbling).
>
> It's another universe...
>
I originally left the 'running as root/administrator' check out of
initdb for this reason. However, the flip side is that if nobody ever
enforces a better way of doing things nothing will ever change. We don't
run as root on Unix for a reason. It's hard to see that that reason
applies less in the case of Windows. Are you prepared to take
responsibility if someone finds a way to use postgres as a vector to
subvert Windows machines? Me either.
cheers
andrew
