Merlin Moncure wrote:
> Steve Tibbett wrote:
>>
>> It is normal on Windows for users to have admin rights on the local
>> system. As much as this needs to be changed, you're not going to
>> change it. If you insist on not running on an account with admin
>> rights, you're just going to frustrate users
>>
>> You could say "Windows is inherently insecure; refusing to run". That
>> would make the port much simpler. :)
>>
>> A warning is appropriate I think.. but refusing to run is going
>> overboard. Just my two cents.
>
> I disagree completely. Opening a tcp/ip server with this level of
> complexity for root access is a recipe for disaster. Wait until an
> exploit pops up and hundreds of win32 boxes get rooted. This would be a
> huge embarrassment and would be awful press. Do you really want to
> allow for this scenario?
I'm not sure I understand the problem. Doesn't an administrative
user have sufficient priviledges to 'do the right thing' and
create a user for the PostgreSQL service? Isn't it just a matter
of wrapping the necessary commands in batchfiles with a
teletubbies icon so that the user doesn't even notice PostgreSQL
is running under another account?
The only problem I foresee is that users might find doing the
right thing too complicated. Lets focus on making it easier.
Jochem
