John DeSoi <desoi@pgedit.com> writes:
>> 2.3) Why do I need a non-administrator account to run PostgreSQL under?
> Again, I think this is fine as the default, but it would be nice if it
> could be changed with a setting (rather than recompiling the source).
> Not all Windows users are dummies about security and need PostgreSQL to
> enforce security measures beyond those implemented on other platforms.
Sorry, but any Windows user who thinks he doesn't need security measures
equivalent to (not "beyond") minimum Unix practice is a dummy about
security. Take a look at this LOAD vulnerability we're in the midst of
patching, and ask yourself whether you aren't glad that it can't be used
to get admin privileges on your Windows box.
(John Heasman pointed out to me off-list that the LOAD hole *is* remotely
exploitable on Windows; details left as an exercise for the reader.)
regards, tom lane