Closed Bug 1436899 Opened 6 years ago Closed 5 years ago

Use SSL to connect to Postgres database

Categories

(Webtools :: Pulse, enhancement)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: mcote, Unassigned)

Heroku will soon require the use of SSL when connecting to Postgres databases (which is a good idea in any case).
According to https://devcenter.heroku.com/articles/heroku-postgres-ssl-brownouts there's likely nothing we need to do, as "sslmode" in libpq defaults to "prefer", and we're not overriding it.  Also pulseguardian-dev appears to be using modern infrastructure, and it is working fine (or at least was, until bug 1436901 surfaced, which I'm looking into).

We could force "sslmode" to "require" when running in Heroku, although that is seemingly unnecessary.
Running "heroku pg:credentials:url DATABASE -a pulseguardian" has also indicated that we're running with sslmode as "require" (which I guess is what happens when you have it configured to "prefer" and the db supports SSL).

(In reply to Mark Côté [:mcote] from comment #1)
> We could force "sslmode" to "require" when running in Heroku, although that
> is seemingly unnecessary.

`prefer` is close to `disable` in terms of security offered, see:
https://www.postgresql.org/docs/10/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
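
The option raised in this bug, forcing `sslmode` to at least `require` instead of relying on the libpq default of `prefer`, could be applied to the connection URL as sketched below. This is an added example, not code from PulseGuardian or from the commenters; the function name `enforce_min_sslmode` and the sample URL are hypothetical, and it assumes the database is configured through a URL like the one `heroku pg:credentials:url` prints.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote

# libpq sslmode values, weakest to strongest (see the PostgreSQL libpq-ssl docs).
SSLMODES = ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]
DEFAULT_SSLMODE = "prefer"  # what libpq uses when the URL does not set sslmode


def enforce_min_sslmode(db_url, minimum="require"):
    """Return db_url with sslmode raised to at least `minimum`.

    A stronger mode already in the URL (verify-ca, verify-full) is kept.
    Unknown or repeated sslmode values raise ValueError rather than being
    passed through to the driver.
    """
    if minimum not in SSLMODES:
        raise ValueError(f"unknown minimum sslmode: {minimum!r}")
    parts = urlsplit(db_url)
    if not parts.scheme.startswith("postgres"):
        raise ValueError(f"not a Postgres URL: scheme {parts.scheme!r}")

    params = parse_qsl(parts.query, keep_blank_values=True)
    found = [value for key, value in params if key == "sslmode"]
    if len(found) > 1:
        raise ValueError("sslmode given more than once; refusing to guess")
    current = found[0] if found else DEFAULT_SSLMODE
    if current not in SSLMODES:
        raise ValueError(f"unknown sslmode in URL: {current!r}")

    # "prefer" silently falls back to plaintext when SSL negotiation fails,
    # so anything below the minimum is raised to it.
    effective = max(current, minimum, key=SSLMODES.index)
    params = [(k, v) for k, v in params if k != "sslmode"]
    params.append(("sslmode", effective))
    query = urlencode(params, quote_via=quote)
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    # Constructed sample URL, not a real credential.
    sample = "postgres://user:secret@db.example.invalid:5432/pulse?sslmode=prefer"
    print(enforce_min_sslmode(sample))
```
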