On Tuesday, December 3, 2024, PG Doc comments form <nore...@postgresql.org> wrote:
> > I am interpreting this to mean that if I as user A receive a notification > to > a channel that I have set up, then user B and user C will also see this > notification, irrespective of their various permissions. Am I understanding > this correctly, and if so, doesn't this qualify as an information leak? > Maybe, but given that is the explicit design of the feature it isn’t something we are compelled to change. Don’t put sensitive data in the payload, or just don’t use the feature if the public permission-less broadcast behavior doesn’t work for you. David J.
