Hi, FYI, the Column List documentation [1] says ------ However, do not rely on this feature for security: a malicious subscriber is able to obtain data from columns that are not specifically published. If security is a consideration, protections can be applied at the publisher side. ------
IIRC, this was something to do with how the COPY done by the initial table sync might be manipulated by a malicious subscriber. I think you can find more details about this in the original thread when Column Lists were introduced. e.g. try searching this [2] thread for the word "security". ====== [1] https://www.postgresql.org/docs/current/logical-replication-col-lists.html [2] https://www.postgresql.org/message-id/flat/CAH2L28vddB_NFdRVpuyRBJEBWjz4BSyTB%3D_ektNRH8NJ1jf95g%40mail.gmail.com Kind Regards, Peter Smith. Fujitsu Australia
