The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/17/sql-notify.html Description:
Hi, The documentation (https://www.postgresql.org/docs/17/sql-notify.html) for the NOTIFY command begins with the following statements: The NOTIFY command sends a notification event together with an optional “payload” string to each client application that has previously executed LISTEN channel for the specified channel name in the current database. Notifications are visible to all users. I am interpreting this to mean that if I as user A receive a notification to a channel that I have set up, then user B and user C will also see this notification, irrespective of their various permissions. Am I understanding this correctly, and if so, doesn't this qualify as an information leak?
