On Wed, Dec 4, 2024 at 8:03 AM PG Doc comments form <nore...@postgresql.org>
wrote:

> I am interpreting this to mean that if I as user A receive a notification to
> a channel that I have set up, then user B and user C will also see this
> notification, irrespective of their various permissions. Am I understanding
> this correctly, and if so, doesn't this qualify as an information leak?

No: it is a public broadcast, with no permissions implied (or allowed!).
However, you can certainly store sensitive information elsewhere (e.g. a
table), and use the notification as a way of signalling "hey, check the
secure drop box, I just put something inside there".

If you still feel the docs are unclear about this, we always welcome
wording suggestions.

Cheers,
Greg
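
The pattern described in the reply above, sketched as an added example that is not part of the original message or the PostgreSQL documentation: the sensitive payload stays in a table guarded by ordinary privileges, and the notification carries only a row id. The names `secure_dropbox`, `dropbox_reader`, `announce_dropbox_row` and the channel `dropbox_ready` are hypothetical.

```sql
-- Hypothetical names throughout: secure_dropbox, dropbox_reader, dropbox_ready.
CREATE ROLE dropbox_reader NOLOGIN;

CREATE TABLE secure_dropbox (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    payload    text        NOT NULL,   -- the sensitive content lives here only
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Table privileges, not the channel, decide who can read the payload.
REVOKE ALL ON secure_dropbox FROM PUBLIC;
GRANT SELECT ON secure_dropbox TO dropbox_reader;

-- The trigger broadcasts only the row id. Every session in this database
-- that has run LISTEN dropbox_ready receives it, so the id and the timing
-- of the event are visible to all listeners; the payload is not.
CREATE FUNCTION announce_dropbox_row() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    PERFORM pg_notify('dropbox_ready', NEW.id::text);
    RETURN NEW;
END;
$$;

CREATE TRIGGER secure_dropbox_announce
AFTER INSERT ON secure_dropbox
FOR EACH ROW EXECUTE FUNCTION announce_dropbox_row();

-- Writer session (table owner); the value is a constructed sample.
INSERT INTO secure_dropbox (payload) VALUES ('constructed sample secret');

-- Listener session: subscribe, then fetch the row named in the notification.
LISTEN dropbox_ready;
-- After receiving a notification with payload '1':
SELECT payload FROM secure_dropbox WHERE id = 1;
-- A member of dropbox_reader gets the row; any other role gets
-- "permission denied for table secure_dropbox", even though it saw the
-- same notification.
```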
