On 06/13/2012 05:10 PM, Dave Page wrote:
> The idea of storing the password in clear text in the registry gives
> me nervous twitches.
Me too. It's horrible, and I really dislike the idea. I can't imagine
that Microsoft don't have a better solution to this.
I talked to some Microsoft people at an event yesterday, and they said
that they just don't use completely isolated user accounts for services.
Microsoft's services install into the three standard service access levels:
LocalService NetworkService LocalSystem
as mentioned:
http://msdn.microsoft.com/en-us/library/ms143504.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686005(v=vs.85).aspx
... so maybe the answer is that we're trying to do it too UNIX-ish (ie:
securely) and we should by default use the NetworkService, allowing
users to change the service account if they want to as an advanced feature.
Personally I think that'd be better than the current situation, which is
not user friendly, and has a much lower squick-factor than storing
passwords in the registry.
This'd also solve issues with other Pg installs; we just switch smoothly
over to installing in NetworkService by default, giving users a radiobox
to switch to "custom service user account" where the name "postgres" is
prefilled.
--
Craig Ringer
POST Newspapers
276 Onslow Rd, Shenton Park
Ph: 08 9381 3088 Fax: 08 9388 2258
ABN: 50 008 917 717
http://www.postnewspapers.com.au/
