Re: stderr & win32 admin check - Mailing list pgsql-patches

From Tom Lane
Subject Re: stderr & win32 admin check
Date
Msg-id 4828.1087332045@sss.pgh.pa.us
In response to Re: stderr & win32 admin check  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: stderr & win32 admin check  ("Andrew Dunstan" <andrew@dunslane.net>)
Re: stderr & win32 admin check  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches
Andrew Dunstan <andrew@dunslane.net> writes:
> Tom Lane wrote:
>> So?  I don't follow why "run it as a service" isn't a sufficient answer,
>> and indeed the preferred way to do it.

> We don't know what the usage pattern is going to be on Windows - I think
> we need to keep it as flexible as possible consistent with good
> security.

Sure, but I draw the line at running Postgres with admin privileges.
"Flexibility is more important than security" is exactly the mindset
that has gotten Microsoft into their current bed of nails.

The fact that there is a perfectly usable solution on NT4 (the oldest
Windows version we have any intention of supporting) seems enough to
me.  There are more usable solutions on newer versions.  Fine.  But
nowhere in here do I see a sufficient reason to allow known-insecure
operating practices.

I might be more willing to listen to other opinions on this if I were
rejecting a somewhat smaller volume of Microsoft-security-hole-spawned
spam and viruses every day.  But in the current environment I don't see
how any sane person can argue that allowing insecure operation of a
network-exposed service is acceptable behavior.

            regards, tom lane
