On Fri, Jun 5, 2026 at 7:43 AM Tom Lane <[email protected]> wrote: > Also, I don't buy the argument that this is a "leak": if the remote > server was willing to send the message to its client, it doesn't think > that the message is security-critical.
I don't think the remote gets to decide that, in general. It's up to the middle layer to know whether it's operating at the same level of trust as the end client. --Jacob
