The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/17/sql-notify.html
Description:
Hi,
The documentation (https://www.postgresql.org/docs/17/sql-notify.html) for
the NOTIFY command begins with the following statements:
The NOTIFY command sends a notification event together with an optional
“payload” string to each client application that has previously executed
LISTEN channel for the specified channel name in the current database.
Notifications are visible to all users.
I am interpreting this to mean that if I as user A receive a notification to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?
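
The behaviour quoted from the documentation, as an added example that is not part of the original message: a constructed two-role setup in which a listener with no table privileges still receives every payload, with a payload that copies the row beside one that carries only the key. The role names, the `invoices` table and the `invoice_events` channel are assumptions made for illustration.

```sql
-- Constructed setup; run as the database owner or a superuser.
CREATE ROLE billing_app  LOGIN;
CREATE ROLE reporting_ro LOGIN;          -- deliberately given no table privileges

CREATE TABLE invoices (
    id       bigint PRIMARY KEY,
    customer text          NOT NULL,
    amount   numeric(12,2) NOT NULL
);
GRANT SELECT, INSERT ON invoices TO billing_app;

-- Weak form: the payload copies the row, so every session that has run
-- LISTEN invoice_events sees customer and amount, whatever its table grants.
CREATE FUNCTION notify_invoice_row() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    PERFORM pg_notify('invoice_events', row_to_json(NEW)::text);
    RETURN NEW;
END;
$$;

-- Safer form: the payload carries only the key. A listener has to read the
-- row itself, and that SELECT is checked against its own privileges.
CREATE FUNCTION notify_invoice_id() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    PERFORM pg_notify('invoice_events', NEW.id::text);
    RETURN NEW;
END;
$$;

CREATE TRIGGER invoices_notify
AFTER INSERT ON invoices
FOR EACH ROW EXECUTE FUNCTION notify_invoice_id();

-- Session 1, connected as reporting_ro:
--   LISTEN invoice_events;        -- accepted: channels have no privileges
--   SELECT * FROM invoices;       -- rejected: no SELECT privilege on the table
-- Session 2, connected as billing_app:
--   INSERT INTO invoices VALUES (1, 'constructed-customer', 10.00);
-- Session 1 is then notified on invoice_events with payload '1'. With
-- notify_invoice_row() attached instead, the same session would receive the
-- customer and amount values it cannot SELECT.
```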