Re: Why running an RDBMS as a superuser is a Bad Thing - Mailing list pgsql-advocacy

From Magnus Hagander
Subject Re: Why running an RDBMS as a superuser is a Bad Thing
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE47680F@algol.sollentuna.se
Whole thread Raw
In response to Why running an RDBMS as a superuser is a Bad Thing  (Ian Barwick <barwick@gmail.com>)
List pgsql-advocacy
> MySQL AB explains:
> http://dev.mysql.com/tech-resources/articles/securing_mysql_wi
> ndows.html#part11

Indeed. I wonder when they'll change the default.

I also wonder why the service account needs Full Control on it's own
.EXE files. That seems highly dangerous. PostgreSQL adds explicit
deny-write permissions to itself on these files ;-) And only change on
the data files, no need for full control.

You will also notice they recommend you to use NT based systems (same as
pg), use NFTS (same as pg), no remote tcpip (same as pg)... Only pg does
it by default :-)

//Magnus

pgsql-advocacy by date:

Previous
From: Ian Barwick
Date:
Subject: Why running an RDBMS as a superuser is a Bad Thing
Next
From: David Fetter
Date:
Subject: Re: Linux World Boston