On Fri, May 18, 2012 at 5:08 PM, Chander Ganesan <chan...@otg-nc.com> wrote:
> Hi All,
>
> I just realized that anyone can listen for notifications (using listen) so
> long as they know the "channel" name.  This means that a user could receive
> and view the payload for another user.
>
> Perhaps it would be good to note this in the documentation (i.e., there
> should be no expectation of privacy/security when using listen/notify, so
> any user that can connect to a database could issue and receive
> notifications for any channel.)

Might be worth a note, yes. The lack of a note really should tell you
that it's a broadcast, but it wouldn't hurt to have an extra one.

Want to prepare a patch?

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
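An added illustration of the behaviour discussed in this thread (not part of the original messages or of the PostgreSQL documentation): a payload that carries data reaches every listener on the channel, while a payload that carries only a key leaves access control to table privileges. The roles `alice` and `mallory`, the table `orders` and the channel `order_events` are hypothetical names constructed for the example.

```sql
-- Constructed demo objects; all names here are hypothetical.
CREATE ROLE alice   LOGIN;
CREATE ROLE mallory LOGIN;   -- stands for any other role that can connect

CREATE TABLE orders (
    id      bigserial PRIMARY KEY,
    details text NOT NULL
);
GRANT SELECT, INSERT ON orders TO alice;
GRANT USAGE ON SEQUENCE orders_id_seq TO alice;
-- mallory is granted nothing on orders.

-- Weak pattern: the data itself travels in the payload.
--   session A (mallory):  LISTEN order_events;
--   session B (alice):
NOTIFY order_events, 'order 42: 3 units, ship to warehouse B';
--   Session A is delivered the whole payload although mallory cannot
--   SELECT from orders: LISTEN/NOTIFY has no per-channel privileges.

-- Corrected pattern: the payload carries only the row key.
CREATE FUNCTION orders_notify() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- pg_notify(channel, payload) is the function form of NOTIFY
    PERFORM pg_notify('order_events', NEW.id::text);
    RETURN NEW;
END;
$$;

CREATE TRIGGER orders_notify_trg
    AFTER INSERT ON orders
    FOR EACH ROW EXECUTE PROCEDURE orders_notify();

-- A listener treats the notification as a hint and re-reads the row,
-- so the GRANTs above decide who sees the data:
--   as alice:    returns the row
--   as mallory:  ERROR: permission denied
SELECT details FROM orders WHERE id = 42;

-- Because any role can also issue NOTIFY on the channel, re-reading the
-- row means a notification sent by another role cannot inject data:
-- a key that matches no visible row simply returns nothing.
```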
