Re: root/administartor user check option.
| От | Gevik Babakhani |
|---|---|
| Тема | Re: root/administartor user check option. |
| Дата | |
| Msg-id | 1153830968.1238.21.camel@voyager.truesoftware.net обсуждение исходный текст |
| Ответ на | root/administartor user check option. (Gevik Babakhani <pgdev@xs4all.nl>) |
| Список | pgsql-hackers |
Humm, perhaps it would be great learning curve for me to begin with something to be like a "Embedded PG for Windows" or "PG Light for Windows".......(Daydreaming now..........) On Tue, 2006-07-25 at 08:26 -0400, Alvaro Herrera wrote: > Gevik Babakhani wrote: > > > Removing or disabling the test without removing some of the dangerous > > > capabilities would be a major security hole. For example: postgres can > > > deliver to any authenticated user the contents of any text file on the > > > system that the database user can read. Do you want the responsibility > > > of allowing that for any file the administrator can read? No, I thought > > > not. Neither do we. > > > > True. This means that one just cannot "copy over" PG files and run the > > database without creating additional users and services. > > > > Just looking at how much windows standalone apps are being developed > > which potentially could use an "embedded" or "light" version of PG, I > > still think the option should be considered. Perhaps in a more > > restricted or striped-down version of PG. (PG Light or something). > > Postgres is BSD, so feel free to create and "Insecure Postgres" and > distribute however you like. > > Note that pg_ctl contains code to be started as admin and drop the > privileges early. That may be able to satisfy your requirements without > being extremely insecure. >
В списке pgsql-hackers по дате отправления: