On Fri, 09 Jul 2004 08:14:55 -0400, Andrew Dunstan <andrew@dunslane.net> wrote:
> I originally left the 'running as root/administrator' check out of
> initdb for this reason. However, the flip side is that if nobody ever
> enforces a better way of doing things nothing will ever change. We don't
> run as root on Unix for a reason. It's hard to see that that reason
> applies less in the case of Windows. Are you prepared to take
> responsibility if someone finds a way to use postgres as a vector to
> subvert Windows machines? Me either.
If you're going to try to change the Windows user, rather than try to
work with what the Windows user expects, why do a Win32 port at all?
Just tell them (as someone here said not that long ago) that you'd be
crazy to expect Postgres to work well on Windows and suggest they
install Linux. :)
It is normal on Windows for users to have admin rights on the local
system. As much as this needs to be changed, you're not going to
change it. If you insist on not running on an account with admin
rights, you're just going to frustrate users
You could say "Windows is inherently insecure; refusing to run". That
would make the port much simpler. :)
A warning is appropriate I think.. but refusing to run is going
overboard. Just my two cents.
--
Steve Tibbett
stevex-pgsql@oakburl.net
