| From: | PG Doc comments form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-docs(at)lists(dot)postgresql(dot)org |
| Cc: | zack02469(at)yahoo(dot)com |
| Subject: | Does NOTIFY leak information? |
| Date: | 2024-12-04 00:02:10 |
| Message-ID: | 173327053032.2556775.7769678074539788118@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/17/sql-notify.html
Description:
Hi,
The documentation (https://www.postgresql.org/docs/17/sql-notify.html) for
the NOTIFY command begins with the following statements:
The NOTIFY command sends a notification event together with an optional
“payload” string to each client application that has previously executed
LISTEN channel for the specified channel name in the current database.
Notifications are visible to all users.
I am interpreting this to mean that if I as user A receive a notification to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2024-12-04 13:34:52 | Re: Does NOTIFY leak information? |
| Previous Message | Michael Paquier | 2024-12-03 07:23:31 | Re: pg_createsubscriber: publication-name and subscription-name options do not exist |