| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | zack02469(at)yahoo(dot)com, pgsql-docs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Does NOTIFY leak information? |
| Date: | 2024-12-04 15:56:49 |
| Message-ID: | CAKAnmmKPYACSzM40w+Ue2T7kPFiG-Y6W26Kj3TPeSEmgEu63_A@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Wed, Dec 4, 2024 at 8:03 AM PG Doc comments form <noreply(at)postgresql(dot)org>
wrote:
> I am interpreting this to mean that if I as user A receive a notification
> to
> a channel that I have set up, then user B and user C will also see this
> notification, irrespective of their various permissions. Am I understanding
> this correctly, and if so, doesn't this qualify as an information leak?
>
No: it is a public broadcast, with no permissions implied (or allowed!).
However, you can certainly store sensitive information elsewhere (e.g. a
table), and use the notification as a way of signalling "hey, check the
secure drop box, I just put something inside there"
If you still feel the docs are unclear about this, we are always welcome to
wording suggestions.
Cheers,
Greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Doc comments form | 2024-12-05 14:33:16 | Formal Syntax of PL/pgSQL |
| Previous Message | David G. Johnston | 2024-12-04 13:34:52 | Re: Does NOTIFY leak information? |