Gevik Babakhani wrote:
>> This has been shot down many times before, and the arguments you are
>> presenting are not new.
>>
>
> Has there been a solution found for the arguments/issues. Is there any
> history about why at some point we decided to enforce the security
> option?
>
>
>
There is nothing new about this. It it not a Windows specific
requirement - we enforce it on all platforms and have long done so.
Removing or disabling the test without removing some of the dangerous
capabilities would be a major security hole. For example: postgres can
deliver to any authenticated user the contents of any text file on the
system that the database user can read. Do you want the responsibility
of allowing that for any file the administrator can read? No, I thought
not. Neither do we.
Running Windows services as the admin user is just lazy and incompetent.
The is no more polite word for it. And that goes for all services, not
just postgres. The fact that it is a very widespread practice does not
make it right - it does however tell you something about the level of
security consciousness among both administrators and software developers
in the Windows world. My understanding is that Microsoft now advises
against this practice.
Short answer: the solution lies in educating the lazy and incompetent
users and administrators, not in introducing dangerous insecurity into
postgres.
cheers
andrew