Re: Column Filtering in Logical Replication - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Column Filtering in Logical Replication
Date
Msg-id d4670f87-70f9-732e-fa65-f77f31a6d492@enterprisedb.com
Whole thread Raw
In response to Re: Column Filtering in Logical Replication  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
Responses Re: Column Filtering in Logical Replication
List pgsql-hackers
On 17.12.21 22:07, Alvaro Herrera wrote:
> So I've been thinking about this as a "security" item (you can see my
> comments to that effect sprinkled all over this thread), in the sense
> that if a publication "hides" some column, then the replica just won't
> get access to it.  But in reality that's mistaken: the filtering that
> this patch implements is done based on the queries that *the replica*
> executes at its own volition; if the replica decides to ignore the list
> of columns, it'll be able to get all columns.  All it takes is an
> uncooperative replica in order for the lot of data to be exposed anyway.

During normal replication, the publisher should only send the columns 
that are configured to be part of the publication.  So I don't see a 
problem there.

During the initial table sync, the subscriber indeed can construct any 
COPY command.  We could maybe replace this with a more customized COPY 
command variant, like COPY table OF publication TO STDOUT.

But right now the subscriber is sort of assumed to have access to 
everything on the publisher anyway, so I doubt that this is the only 
problem.  But it's worth considering.



pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Addition of --no-sync to pg_upgrade for test speedup
Next
From: Peter Eisentraut
Date:
Subject: Re: PublicationActions - use bit flags.