| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com>, Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, vignesh C <vignesh21(at)gmail(dot)com> |
| Subject: | Re: Prevent remote libpq notices from being sent to clients |
| Date: | 2026-06-05 15:20:44 |
| Message-ID: | CAOYmi+nqE5ZoSEi9gJjVtEYS9xjVmELpfgedm5ajaEdSa=Hbpw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jun 5, 2026 at 7:43 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Also, I don't buy the argument that this is a "leak": if the remote
> server was willing to send the message to its client, it doesn't think
> that the message is security-critical.
I don't think the remote gets to decide that, in general. It's up to
the middle layer to know whether it's operating at the same level of
trust as the end client.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nazir Bilal Yavuz | 2026-06-05 15:54:44 | Re: Heads Up: cirrus-ci is shutting down June 1st |
| Previous Message | Lætitia AVROT | 2026-06-05 15:17:16 | Re: [Bug Report + Patch] File descriptor leak when io_method=io_uring |