Re: Feature Recommendations for Logical Subscriptions

Another permission-related issue involves scenarios where multiple logical replication slots exist. If a replication slot grants full data access permissions and user accounts are not explicitly bound to specific slots, there could be security risks where accounts might connect to high-privilege replication slots, potentially leading to data security vulnerabilities.

YeXiu
1518981153(at)qq(dot)com

原始邮件


发件人：Amit Kapila <amit(dot)kapila16(at)gmail(dot)com&gt;
发件时间：2025年4月11日 12:00
收件人：Peter Smith <smithpb2250(at)gmail(dot)com&gt;
抄送：YeXiu <1518981153(at)qq(dot)com&gt;, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org&gt;
主题：Re: Feature Recommendations for Logical Subscriptions

On Fri, Apr 11, 2025 at 3:40 AM Peter Smith wrote:
&gt;
&gt; FYI, the Column List documentation [1] says
&gt; ------
&gt; However, do not rely on this feature for security: a malicious
&gt; subscriber is able to obtain data from columns that are not
&gt; specifically published. If security is a consideration, protections
&gt; can be applied at the publisher side.
&gt; ------
&gt;
&gt; IIRC, this was something to do with how the COPY done by the initial
&gt; table sync might be manipulated by a malicious subscriber. I think you
&gt; can find more details about this in the original thread when Column
&gt; Lists were introduced. e.g. try searching this [2] thread for the word
&gt; "security".
&gt;

The same thing applies here as well. The only key difference is user
convenience in two ways: (a) when there are a lot of columns, say 100
columns, and user would like to send all data except 2 columns, (b)
adding new columns to table would require users to again run the DDL
to change the column list.

These are primarily the two pain points YeXiu wants us to solve.
YeXiu, if I misunderstood your intention, feel free to add.

--
With Regards,
Amit Kapila.