* james (ja...@mansionfamily.plus.com) wrote: > Well, the banks I've contracted at recently are all rather keen on > virtual desktops for developers, and some of those are terminal > services. We're a headache, and packaging up all the things we need > is a pain, so there is some mileage in buying grunty servers and > doing specific installs that are then shared, rather than making an > MSI generally available. > > Also I have experience of being given accounts for jenkins etc that > are essentially terminal services logins, and having these things > unable to maintain a software stack can effectively disqualify tech > we would otherwise use.
And what are the feelings security on these multi-user development environments? Is everyone on them trusted users, or are there untrusted / general accounts? The issue here is about how much effort to go to in order to secure the PostgreSQL system that is started up to do the regression tests. It's already set up to only listen on localhost and will run with only the privileges of the user running the tests. The concern is that another user on the same system could gain access to the account which is running the 'make check' by connecting over localhost to the PostgreSQL instance and being superuser there, which would allow executing commands, etc, as that other user (eg: with COPY PIPE). THanks, Stephen
signature.asc
Description: Digital signature