Re: root/administartor user check option.

Gevik Babakhani wrote:
>> This has been shot down many times before, and the arguments you are 
>> presenting are not new.
>>     
>
> Has there been a solution found for the arguments/issues. Is there any
> history about why at some point we decided to enforce the security
> option?
>
>
>   

There is nothing new about this. It it not a Windows specific 
requirement - we enforce it on all platforms and have long done so.


Removing or disabling the test without removing some of the dangerous 
capabilities would be a major security hole. For example: postgres can 
deliver to any authenticated user the contents of any text file on the 
system that the database user can read. Do you want the responsibility 
of allowing that for any file the administrator can read? No, I thought 
not. Neither do we.

Running Windows services as the admin user is just lazy and incompetent. 
The is no more polite word for it. And that goes for all services, not 
just postgres. The fact that it is a very widespread practice does not 
make it right - it does however tell you something about the level of 
security consciousness among both administrators and software developers 
in the Windows world. My understanding is that Microsoft now advises 
against this practice.

Short answer: the solution lies in educating the lazy and incompetent 
users and administrators, not in introducing dangerous insecurity into 
postgres.

cheers

andrew