| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | "zack02469(at)yahoo(dot)com" <zack02469(at)yahoo(dot)com>, "pgsql-docs(at)lists(dot)postgresql(dot)org" <pgsql-docs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Does NOTIFY leak information? |
| Date: | 2024-12-04 13:34:52 |
| Message-ID: | CAKFQuwbe4WQwjyYmy7F_+rgWcybi1YEydwpOE3j+sWDp5izhyg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Tuesday, December 3, 2024, PG Doc comments form <noreply(at)postgresql(dot)org>
wrote:
>
> I am interpreting this to mean that if I as user A receive a notification
> to
> a channel that I have set up, then user B and user C will also see this
> notification, irrespective of their various permissions. Am I understanding
> this correctly, and if so, doesn't this qualify as an information leak?
>
Maybe, but given that is the explicit design of the feature it isn’t
something we are compelled to change. Don’t put sensitive data in the
payload, or just don’t use the feature if the public permission-less
broadcast behavior doesn’t work for you.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2024-12-04 15:56:49 | Re: Does NOTIFY leak information? |
| Previous Message | PG Doc comments form | 2024-12-04 00:02:10 | Does NOTIFY leak information? |