<snip>
>This has long been common practice in the Unix world, and is starting
>to become standard practice in the Windows world as well as Microsoft
>and other vendors work to improve the security of their systems.
>==
>
>Again, I think this is fine as the default, but it would be nice if it
>could be changed with a setting (rather than recompiling the source).
That can always be argued :-)
>Not all Windows users are dummies about security and need
>PostgreSQL to
>enforce security measures beyond those implemented on other platforms.
First of all, it does *not* enforce anything beyond what's enforced on
Unix. On Unix, it doesn't run as root. On Windows, it doesn't run as
Administrator.
If your users are running as administrators, then you *are* very naive
about security on your systems (I won't say dummy, but clearly not
making a significant effort). That's where you should fix the problem.
For an embedded database, one can argue that it's much less of an issue.
And if it was possible without making it a major hack, it would seem
reasonable to permit running it as administrator as long as only
localhost connections are provided (not by default, but possible. Not by
default because a ASP page or whatever still turns anything into a root
hole, but it could be configurable). But I don't think that can be done
in a non-intrusive way. And it'd just be a workaround the real issue
anyway.
//Magnus
