Home > mailing lists

Re: Does NOTIFY leak information? - Mailing list pgsql-docs

From	David G. Johnston
Subject	Re: Does NOTIFY leak information?
Date	December 4 19:34:52
Msg-id	CAKFQuwbe4WQwjyYmy7F_+rgWcybi1YEydwpOE3j+sWDp5izhyg@mail.gmail.com Whole thread Raw
In response to	Does NOTIFY leak information? (PG Doc comments form <noreply@postgresql.org>)
List	pgsql-docs

Tree view

On Tuesday, December 3, 2024, PG Doc comments form <noreply@postgresql.org> wrote:

I am interpreting this to mean that if I as user A receive a notification to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?

Maybe, but given that is the explicit design of the feature it isn’t something we are compelled to change. Don’t put sensitive data in the payload, or just don’t use the feature if the public permission-less broadcast behavior doesn’t work for you.

David J.

pgsql-docs by date:

From: PG Doc comments form
Date: 04 December, 06:02:10
Subject: Does NOTIFY leak information?

From: Greg Sabino Mullane
Date: 04 December, 21:56:49
Subject: Re: Does NOTIFY leak information?

Re: Does NOTIFY leak information? - Mailing list pgsql-docs

Previous

Next