Home > mailing lists

Re: Feature Recommendations for Logical Subscriptions - Mailing list pgsql-hackers

From	Peter Smith
Subject	Re: Feature Recommendations for Logical Subscriptions
Date	April 11 01:10:12
Msg-id	CAHut+Ps-fWX+L=oGidXFxpBf532Zk18Ju9wvZqpbdi=5pp9BBg@mail.gmail.com Whole thread Raw
In response to	Re: Feature Recommendations for Logical Subscriptions ("YeXiu" <1518981153@qq.com>)
Responses	Re: Feature Recommendations for Logical Subscriptions
List	pgsql-hackers

Tree view

Hi,

FYI, the Column List documentation [1] says
------
However, do not rely on this feature for security: a malicious
subscriber is able to obtain data from columns that are not
specifically published. If security is a consideration, protections
can be applied at the publisher side.
------

IIRC, this was something to do with how the COPY done by the initial
table sync might be manipulated by a malicious subscriber. I think you
can find more details about this in the original thread when Column
Lists were introduced. e.g. try searching this [2] thread for the word
"security".

======
[1] https://www.postgresql.org/docs/current/logical-replication-col-lists.html
[2] https://www.postgresql.org/message-id/flat/CAH2L28vddB_NFdRVpuyRBJEBWjz4BSyTB%3D_ektNRH8NJ1jf95g%40mail.gmail.com

Kind Regards,
Peter Smith.
Fujitsu Australia

pgsql-hackers by date:

From: Ranier Vilela
Date: 11 April, 00:45:42
Subject: Re: Non-text mode for pg_dumpall

From: David Rowley
Date: 11 April, 01:10:34
Subject: Re: Improve a few appendStringInfo calls new to v18

Re: Feature Recommendations for Logical Subscriptions - Mailing list pgsql-hackers

Previous

Next