Andrew Dunstan <andrew@dunslane.net> writes:
> Tom Lane wrote:
>> So? I don't follow why "run it as a service" isn't a sufficient answer,
>> and indeed the preferred way to do it.
> We don't know what the usage pattern is going to be on Windows - I think
> we need to keep it as flexible as possible consistent with good
> security.
Sure, but I draw the line at running Postgres with admin privileges.
"Flexibility is more important than security" is exactly the mindset
that has gotten Microsoft into their current bed of nails.
The fact that there is a perfectly usable solution on NT4 (the oldest
Windows version we have any intention of supporting) seems enough to
me. There are more usable solutions on newer versions. Fine. But
nowhere in here do I see a sufficient reason to allow known-insecure
operating practices.
I might be more willing to listen to other opinions on this if I were
rejecting a somewhat smaller volume of Microsoft-security-hole-spawned
spam and viruses every day. But in the current environment I don't see
how any sane person can argue that allowing insecure operation of a
network-exposed service is acceptable behavior.
regards, tom lane