Use SSL to connect to Postgres database

NEW
Unassigned

Status

a year ago
a year ago

People

(Reporter: mcote, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
Heroku will soon require the use of SSL when connecting to Postgres databases (which is a good idea in any case).
(Reporter)

Comment 1

a year ago
According to https://devcenter.heroku.com/articles/heroku-postgres-ssl-brownouts there's likely nothing we need to do, as "sslmode" in libpq defaults to "prefer", and we're not overriding it.  Also pulseguardian-dev appears to be using modern infrastructure, and it is working fine (or at least was, until bug 1436901 surfaced, which I'm looking into).

We could force "sslmode" to "require" when running in heroku, although that is seemingly unnecessary.
(Reporter)

Comment 2

a year ago
Running "heroku pg:credentials:url DATABASE -a pulseguardian" has also indicated that we're running with sslmode as "require" (which I guess is what happens when you have it configured to "prefer" and the db supports SSL).
(In reply to Mark Côté [:mcote] from comment #1)
> We could force "sslmode" to "require" when running in heroku, although that
> is seemingly unnecessary.

`prefer` is close to `disable` in terms of security offered, see:
https://www.postgresql.org/docs/10/static/libpq-ssl.html#LIBPQ-SSL-PROTECTION
You need to log in before you can comment on or make changes to this bug.