> >> Not all Windows users are dummies about security and need
> PostgreSQL
> >> to enforce security measures beyond those implemented on other
> >> platforms.
> >
> > First of all, it does *not* enforce anything beyond what's
> enforced on
> > Unix. On Unix, it doesn't run as root. On Windows, it
> doesn't run as
> > Administrator.
>
> OK, perhaps I'm not comparing apples to apples. On OS X I
> have an administrative account and I can run PostgreSQL just
> fine. So what you are saying is an administrative account on
> Windows is more like root on Unix.
Really? I'd call that a bug in the OSX port, but I don't know enough to
actually say that's really so. For example, what an "administrative
account" means on OSX. If the account has permissions to write all over
the place, then it should not be permitted tos tart the backend as that
user.
Administrator on windows is almost as powerful as root on unix, yes. And
it's trivial to get from administrator to local system, which has
everything root has.
> > If your users are running as administrators, then you *are*
> very naive
> > about security on your systems (I won't say dummy, but clearly not
> > making a significant effort). That's where you should fix
> the problem.
>
> Again, I was merely pointing out the issue for the original
> poster who wanted an embedded database. On Windows there is
> currently no way to drag any kind folder with PostgreSQL to
> the hard drive and run (local connections only) if the user
> is an administrative user. And my guess is that anyone that
> buys a Windows machine and sets it up themselves has one
> account which is an administrative user.
It definitly does not hold true for a corporate environment, where
almost nobody should be. As for home installations, that has long been
the case. But IIRC, if you install XP Home it recommends you create a
*non-admin* user. Suer, many don't, but at least it recommends you to do
so.
> Personally, I have no users administrative or otherwise. And
> the Windows machine I typically use is not even connected to
> the internet :).
Now *that* certainly helps security :-)
//Magnus
