Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wVVlc-0020v1-1o
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 05 Jun 2026 14:43:24 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wVVla-00CxKv-2E
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 05 Jun 2026 14:43:22 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wVVla-00CxKn-1K
	for pgsql-hackers@lists.postgresql.org;
	Fri, 05 Jun 2026 14:43:22 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wVVlY-00000001Fgr-2bHP
	for pgsql-hackers@lists.postgresql.org;
	Fri, 05 Jun 2026 14:43:21 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.18.1/8.18.1) with ESMTP id 655EhGBB3592597;
	Fri, 5 Jun 2026 10:43:16 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Fujii Masao <masao.fujii@gmail.com>
cc: Chao Li <li.evan.chao@gmail.com>,
        Postgres hackers <pgsql-hackers@lists.postgresql.org>,
        vignesh C <vignesh21@gmail.com>
Subject: Re: Prevent remote libpq notices from being sent to clients
In-reply-to: 
 <CAHGQGwH8De4O1mBZRHWATngQOqCb+1p741DW1rBKgWu2wkfaLw@mail.gmail.com>
References: <396C3BEE-CD4D-450A-8D28-E708E9AA4075@gmail.com>
 <CAHGQGwH8De4O1mBZRHWATngQOqCb+1p741DW1rBKgWu2wkfaLw@mail.gmail.com>
Comments: In-reply-to Fujii Masao <masao.fujii@gmail.com>
	message dated "Fri, 05 Jun 2026 23:28:44 +0900"
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-ID: <3592595.1780670596.1@sss.pgh.pa.us>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 05 Jun 2026 10:43:16 -0400
Message-ID: <3592596.1780670596@sss.pgh.pa.us>
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/3592596.1780670596%40sss.pgh.pa.us>
Precedence: bulk

Fujii Masao <masao.fujii@gmail.com> writes:
> On Fri, Jun 5, 2026 at 6:32=E2=80=AFPM Chao Li <li.evan.chao@gmail.com> =
wrote:
>> So remote messages should only be output to the server log, but current=
ly they can leak to the client if client_min_messages is set to log.

> I'm not sure whether it's good idea to add this limitation.

I was just about to answer saying that I didn't think so.  I'm
concerned that there might be no other way to obtain such output.
It's likely that the remote server doesn't log NOTICE-level messages,
and even if it does, you might not have access to its log.

Also, I don't buy the argument that this is a "leak": if the remote
server was willing to send the message to its client, it doesn't think
that the message is security-critical.

What I think there might be a good case for is to use the same ereport
level that was used to issue the remote's message, rather than always
LOG level.  I'm not sure if we can reconstruct that completely, but we
can certainly tell NOTICE from WARNING, for instance.

			regards, tom lane