Thread: LISTEN/NOTIFY Security and the docs
Hi All,

I just realized that anyone can listen for notifications (using listen) so long as they know the "channel" name. This means that a user could receive and view the payload for another user.

Perhaps it would be good to note this in the documentation (i.e., there should be no expectation of privacy/security when using listen/notify, so any user that can connect to a database could issue and receive notifications for any channel.)

thanks

--
Chander Ganesan
Open Technology Group, Inc.
11010 Lake Grove Blvd Ste. 100-307
Morrisville, NC 27560
919-463-0999/877-258-8987
http://www.otg-nc.com
On Fri, May 18, 2012 at 5:08 PM, Chander Ganesan <chander@otg-nc.com> wrote:
> Hi All,
>
> I just realized that anyone can listen for notifications (using listen) so
> long as they know the "channel" name. This means that a user could receive
> and view the payload for another user.
>
> Perhaps it would be good to note this in the documentation (i.e., there
> should be no expectation of privacy/security when using listen/notify, so
> any user that can connect to a database could issue and receive
> notifications for any channel.)

Might be worth a note, yes. The lack of a note really should tell you that it's a broadcast, but it wouldn't hurt to have an extra one.

Want to prepare a patch?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
On Thu, May 24, 2012 at 01:03:18PM +0200, Magnus Hagander wrote:
> On Fri, May 18, 2012 at 5:08 PM, Chander Ganesan <chander@otg-nc.com> wrote:
> > Hi All,
> >
> > I just realized that anyone can listen for notifications (using listen) so
> > long as they know the "channel" name. This means that a user could receive
> > and view the payload for another user.
> >
> > Perhaps it would be good to note this in the documentation (i.e., there
> > should be no expectation of privacy/security when using listen/notify, so
> > any user that can connect to a database could issue and receive
> > notifications for any channel.)
>
> Might be worth a note, yes. The lack of a note really should tell you
> that it's a broadcast, but it wouldn't hurt to have an extra one.
>
> Want to prepare a patch?

Attached documentation patch applied.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
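The behaviour the thread describes (any connected role can LISTEN on, and NOTIFY to, any channel), followed by one defensive pattern, as an added SQL example that is not part of the thread and not PostgreSQL project code. The channel name order_events, the table order_events_data, the role app_consumer, the PID in the sample psql output, and the use of row-level security (a PostgreSQL 9.5+ feature, later than this 2012 thread) are assumptions.

```sql
-- Added example, not from the thread. Shows that LISTEN/NOTIFY is a broadcast
-- with no per-channel privilege, and a pattern that keeps sensitive data out of
-- the payload. Channel, table and role names are assumed.

-- Session A: an ordinary role with no GRANTs at all. LISTEN needs only the
-- ability to connect to the database; there is no privilege on a channel.
LISTEN order_events;

-- Session B: application code that (wrongly) puts sensitive data in the payload.
NOTIFY order_events, 'customer=alice;card_last4=4242';
-- Equivalent form usable inside functions:
-- SELECT pg_notify('order_events', 'customer=alice;card_last4=4242');

-- Session A sees the full payload on its next command; in psql it looks like
--   Asynchronous notification "order_events" with payload
--   "customer=alice;card_last4=4242" received from server process with PID 12345.
-- (PID is a placeholder.) Only the secrecy of the channel name stood between
-- session A and the data, and channel names are not secret.

-- Safer pattern: the notification carries an opaque key; the data lives in a
-- table whose access is controlled by GRANT and, where available, a row policy.
CREATE TABLE order_events_data (
    id      bigserial PRIMARY KEY,
    owner   name NOT NULL DEFAULT current_user,
    payload text NOT NULL
);
REVOKE ALL ON order_events_data FROM PUBLIC;
GRANT SELECT ON order_events_data TO app_consumer;           -- assumed role
ALTER TABLE order_events_data ENABLE ROW LEVEL SECURITY;    -- PostgreSQL 9.5+
CREATE POLICY owner_only ON order_events_data
    FOR SELECT USING (owner = current_user);
-- Note: the table owner and superusers bypass policies unless FORCE ROW LEVEL
-- SECURITY is set; choose the owning role accordingly.

-- Publisher: store the data, broadcast only the key.
WITH ins AS (
    INSERT INTO order_events_data (owner, payload)
    VALUES ('alice', 'customer=alice;card_last4=4242')
    RETURNING id
)
SELECT pg_notify('order_events', id::text) FROM ins;

-- Every listener still receives the notification, but its payload is just the
-- id. Resolving it requires SELECT on the table, which the policy limits to
-- the owner; any other role gets zero rows here.
SELECT payload FROM order_events_data WHERE id = 1;

-- Because any connected role can also NOTIFY, a consumer must treat the
-- payload as untrusted input: parse it as an id, look it up, and act only on
-- what the access-controlled table returns, never on the payload text itself.
```

The point of the pattern is that the broadcast channel becomes a wake-up signal only; confidentiality and integrity are enforced by the table privileges the consumer already has to pass through, not by the channel.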