I recently had to run MS Baseline Security analyzer :
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
on a default SQL Server installation. It was interesting that it
produced security alerts about the (default) installation I had
performed using a system account :
- server run using LocalSystem , recommend running as an unprivileged
account
Of course most folks will either a) not run this tool, or b) ignore the
warning, but if the MS keep getting hammered on the security front, they
too may well adopt the "won't run if I am an admin" stance in order to
prevent Gartner recommending punters away from SQL Server (like they did
with IIS).
There are signs that the previous Windows paradigm of "security
sacrificed on the alter of user convenience" is drawing to a close (e.g.
in Win 2003 default permissions have been altered *away* from "world
writable/sharable for everything")
You are right - it is going to annoy many users. However there is
another way of seeing this. Postgres is on the leading edge for
increasing security awareness on the windows platform, and boy is there
a need for that!
regards
Mark
Steve Tibbett wrote:
> It is normal on Windows for users to have admin rights on the local
>
>system. As much as this needs to be changed, you're not going to
>change it. If you insist on not running on an account with admin
>rights, you're just going to frustrate users
>
>You could say "Windows is inherently insecure; refusing to run". That
>would make the port much simpler. :)
>
>A warning is appropriate I think.. but refusing to run is going
>overboard. Just my two cents.
>
>--
>Steve Tibbett
>stevex-pgsql@oakburl.net
>
>---------------------------(end of broadcast)---------------------------
>TIP 7: don't forget to increase your free space map settings
>
>
