Participants
PG Bug reporting form
PG Bug reporting form
David G. Johnston
David G. Johnston
Greg Sabino Mullane
Greg Sabino Mullane
Attachments
Show all attachments
Thread Outline
#1PG Bug reporting formPG Bug reporting form
Dec 04, 2024
#2David G. JohnstonDavid G. Johnstonto PG Bug reporting form (#1)
Dec 04, 2024
#3Greg Sabino MullaneGreg Sabino Mullaneto PG Bug reporting form (#1)
Dec 04, 2024

Does NOTIFY leak information?

Started by PG Bug reporting formover 1 year ago3 messagesdocs
Jump to latest
#1PG Bug reporting form
PG Bug reporting form
noreply@postgresql.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/17/sql-notify.html
Description:

Hi,

The documentation (https://www.postgresql.org/docs/17/sql-notify.html) for
the NOTIFY command begins with the following statements:

The NOTIFY command sends a notification event together with an optional
“payload” string to each client application that has previously executed
LISTEN channel for the specified channel name in the current database.
Notifications are visible to all users.

I am interpreting this to mean that if I as user A receive a notification to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?

#2David G. Johnston
David G. Johnston
david.g.johnston@gmail.com
In reply to: PG Bug reporting form (#1)
Re: Does NOTIFY leak information?

On Tuesday, December 3, 2024, PG Doc comments form <noreply@postgresql.org>
wrote:

I am interpreting this to mean that if I as user A receive a notification
to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?

Maybe, but given that is the explicit design of the feature it isn’t
something we are compelled to change. Don’t put sensitive data in the
payload, or just don’t use the feature if the public permission-less
broadcast behavior doesn’t work for you.

David J.

#3Greg Sabino Mullane
Greg Sabino Mullane
greg@turnstep.com
In reply to: PG Bug reporting form (#1)
Re: Does NOTIFY leak information?

On Wed, Dec 4, 2024 at 8:03 AM PG Doc comments form <noreply@postgresql.org>
wrote:

I am interpreting this to mean that if I as user A receive a notification
to
a channel that I have set up, then user B and user C will also see this
notification, irrespective of their various permissions. Am I understanding
this correctly, and if so, doesn't this qualify as an information leak?

No: it is a public broadcast, with no permissions implied (or allowed!).
However, you can certainly store sensitive information elsewhere (e.g. a
table), and use the notification as a way of signalling "hey, check the
secure drop box, I just put something inside there"

If you still feel the docs are unclear about this, we are always welcome to
wording suggestions.

Cheers,
Greg

← Back to Topics