Home > mailing lists

Re: Why running an RDBMS as a superuser is a Bad Thing - Mailing list pgsql-advocacy

From	Magnus Hagander
Subject	Re: Why running an RDBMS as a superuser is a Bad Thing
Date	February 9, 2005 13:25:38
Msg-id	6BCB9D8A16AC4241919521715F4D8BCE47680F@algol.sollentuna.se Whole thread Raw
In response to	Why running an RDBMS as a superuser is a Bad Thing (Ian Barwick <barwick@gmail.com>)
List	pgsql-advocacy

Tree view

> MySQL AB explains:
> http://dev.mysql.com/tech-resources/articles/securing_mysql_wi
> ndows.html#part11

Indeed. I wonder when they'll change the default.

I also wonder why the service account needs Full Control on it's own
.EXE files. That seems highly dangerous. PostgreSQL adds explicit
deny-write permissions to itself on these files ;-) And only change on
the data files, no need for full control.

You will also notice they recommend you to use NT based systems (same as
pg), use NFTS (same as pg), no remote tcpip (same as pg)... Only pg does
it by default :-)

//Magnus

pgsql-advocacy by date:

From: Ian Barwick
Date: 09 February 2005, 10:59:33
Subject: Why running an RDBMS as a superuser is a Bad Thing

From: David Fetter
Date: 09 February 2005, 19:24:22
Subject: Re: Linux World Boston

Re: Why running an RDBMS as a superuser is a Bad Thing - Mailing list pgsql-advocacy

Previous

Next