Re: [DOCS] Mysql -> Postgresql pitfalls
> > As a programmer, I personally would never write code that kept
> > people from running things as root. I mean, what is the point?
> > If someone roots your box, it's not our fault. Simple as that.

I didn't say "require them to run as a non-root user". I said "Give them the choice to decide what is correct for their environment". In the case of apache, there are many internal webservers that are not exposed to the threat of the public internet; for such servers, it may be appropriate to run apache as root because it simplifies the administration and automation of tasks. But to do so, one has to know how to re-compile apache, which will exclude a lot of your basic garden variety administrators. It's very un-friendly programming.

Chad

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [DOCS] Mysql -> Postgresql pitfalls
> Hmmm?
>
> The point is something called security.

There is no such thing as a "proper amount of security that is correct for all operating environments".

> > apache with some BIG_SECURITY_HOLE defined in order to run as root, which means
> > you can't just use the out of the box apache rpm. It's so stupid to write
> > *extra* code that keeps people from doing something that isn't even
> > fundamentally incorrect.
>
> This has no logic. Security is fundamental. No security is fundamentally
> incorrect.

Well, you could make a box very secure by unplugging all the LAN cables from it and putting it in a giant safe deposit box. However, I would say that such a machine would be fundamentally incorrect for most operating environments. Do you worry about whether or not someone snuck into your house at night and installed some sort of keyboard logging device onto your PC so that they can get your root password? Is that a "fundamental" part of your personal security? Probably not, because *that* would be illogical for most people to worry about.

Many people run their machines with "+ +" in root's .rhosts file because it eases the task of doing administration. They work in a company where the box is behind a firewall on some public network and they need their computers to get real work done they don't want things like "security" to get in the way because nobody is trying to hack those machines.

Chad

Re: [DOCS] Mysql -> Postgresql pitfalls
"Chad N. Tindel" <[EMAIL PROTECTED]> writes:
>> If someone roots your box, it's not our fault. Simple as that.

> I didn't say "require them to run as a non-root user". I said "Give them
> the choice to decide what is correct for their environment". In the case
> of apache, there are many internal webservers that are not exposed to the
> threat of the public internet; for such servers, it may be appropriate to run
> apache as root because it simplifies the administration and automation of
> tasks. But to do so, one has to know how to re-compile apache, which will
> exclude a lot of your basic garden variety administrators. It's very
> un-friendly programming.

If they don't know how to recompile apache, what are the odds that they are truly competent to decide that they can safely run it as root?

Semi-competent people administering servers are the Achilles heel of the internet already. We are doing them a favor, not creating a problem, by preventing them from adopting insecure practices.

regards, tom lane

Re: [DOCS] Mysql -> Postgresql pitfalls
On Sunday 03 August 2003 19:03, you wrote:
> Many people run their machines with "+ +" in root's .rhosts file because it
> eases the task of doing administration. They work in a company where the
> box is behind a firewall on some public network and they need their
> computers to get real work done they don't want things like "security"
> to get in the way because nobody is trying to hack those machines.

Can you send me the names and current employers of these "many people" so I can be sure I never do business with their companies and / or consider them for employment?

Only slightly ;-)

Ian Barwick
[EMAIL PROTECTED]
