Re: Minimising windows installer password confusion

On 06/12/2012 08:48 PM, Dave Page wrote:
> I'm not keen on adding additional user accounts - that's a security 
> problem imho.
It's also an issue for add-ons like PgAgent that aren't necessarily tied 
to one exact version of Pg.
>> That makes sense.  I just think we should try very hard to make the
>> installer "just work" to the extent possible, rather than trying to
>> direct the user in how to use system tools in the middle of the
>> process.
> Right - that's what always aim to do (and in fact was the number one
> driver behind the current generation of installers), and provided the
> user remembers their password it works just fine.
Users don't remember passwords, though. It's one of those constants, and 
is why practically every web site etc out there offers password recovery.

The installer IMO needs to store the postgres account password in a 
registry key with permissions set so that only users with local admin 
rights (ie: who can use the installer) can view it. I don't like the 
idea of storing a password, but it's only going to be accessible if you 
already have rights to the registry as local admin, in which case the 
attacker can just reset it themselves (or root your machine). So long as 
they installer warns that the password shouldn't be one you use 
elsewhere because it can be recovered from your computer, I don't see a 
problem.---

--
Craig Ringer




POST Newspapers
276 Onslow Rd, Shenton Park
Ph: 08 9381 3088     Fax: 08 9388 2258
ABN: 50 008 917 717
http://www.postnewspapers.com.au/