Closed
Bug 1436899
Opened 6 years ago
Closed 5 years ago
Use SSL to connect to Postgres database
Categories
(Webtools :: Pulse, enhancement)
Webtools
Pulse
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: mcote, Unassigned)
References
Details
Heroku will soon require the use of SSL when connecting to Postgres databases (which is a good idea in any case).
Reporter | ||
Comment 1•6 years ago
|
||
According to https://devcenter.heroku.com/articles/heroku-postgres-ssl-brownouts there's likely nothing we need to do, as "sslmode" in libpq defaults to "prefer", and we're not overriding it. Also pulseguardian-dev appears to be using modern infrastructure, and it is working fine (or at least was, until bug 1436901 surfaced, which I'm looking into). We could force "sslmode" to "require" when running in heroku, although that is seemingly unnecessary.
Reporter | ||
Comment 2•6 years ago
|
||
Running "heroku pg:credentials:url DATABASE -a pulseguardian" has also indicated that we're running with sslmode as "require" (which I guess is what happens when you have it configured to "prefer" and the db supports SSL).
Comment 3•6 years ago
|
||
(In reply to Mark Côté [:mcote] from comment #1) > We could force "sslmode" to "require" when running in heroku, although that > is seemingly unnecessary. `prefer` is close to `disable` in terms of security offered, see: https://www.postgresql.org/docs/10/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION
Comment 4•6 years ago
|
||
The brownout occurred here: https://papertrailapp.com/systems/pulseguardian/events?focus=900501047435526185
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•