by agwa
3656 days ago
The blog post raises several distinct issues. Heroku's poor configuration is the most significant issue, but it's also concerning that Postgres is insecure by default, and supports several different options to sslmode with confusingly-similar names, only one of which is secure under normal circumstances. That's a recipe for developers and database administrators to shoot themselves in the foot. If Postgres had been secure by default, it might have saved Heroku from making this mistake.
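An added example, not part of the comment above and not PostgreSQL's or Heroku's code: a small audit that resolves the `sslmode` a client connection string would end up with and accepts only `verify-full`. The mode names, the `prefer` default and the `PGSSLMODE` variable are libpq's documented behaviour rather than something the comment spells out; the function names and sample strings are constructed.

```python
import shlex
from urllib.parse import parse_qs, urlsplit

# libpq's sslmode values and what each one actually guarantees.
SSLMODES = {
    "disable": "no TLS at all",
    "allow": "plaintext first, TLS only if the server demands it",
    "prefer": "TLS if offered, silent fallback to plaintext",
    "require": "encrypted, but the server certificate is not verified",
    "verify-ca": "certificate chain verified, hostname not checked",
    "verify-full": "certificate chain and hostname both verified",
}
LIBPQ_DEFAULT = "prefer"  # used when neither the string nor PGSSLMODE sets it


def effective_sslmode(conninfo, env=None):
    """Return the sslmode libpq would use for a URI or key=value string."""
    fallback = (env or {}).get("PGSSLMODE", LIBPQ_DEFAULT)
    if conninfo.startswith(("postgres://", "postgresql://")):
        values = parse_qs(urlsplit(conninfo).query).get("sslmode")
        # Assumption: if sslmode is repeated, the last value is the one used.
        return values[-1] if values else fallback
    # Simplification: assumes no spaces around "=" in key=value strings.
    pairs = dict(t.split("=", 1) for t in shlex.split(conninfo) if "=" in t)
    return pairs.get("sslmode", fallback)


def audit(conninfo, env=None):
    """Return (mode, ok, reason); ok is True only for verify-full."""
    mode = effective_sslmode(conninfo, env)
    if mode not in SSLMODES:
        return mode, False, "not a valid sslmode value"
    return mode, mode == "verify-full", SSLMODES[mode]


if __name__ == "__main__":
    # Constructed sample connection strings, not taken from any real system.
    samples = [
        "postgres://app@db.example.com:5432/appdb",
        "postgres://app@db.example.com/appdb?sslmode=require",
        "host=db.example.com dbname=appdb sslmode=verify-ca",
        "host=db.example.com dbname=appdb sslmode=verify-full",
    ]
    for s in samples:
        mode, ok, reason = audit(s)
        print(f"{'OK  ' if ok else 'WEAK'} {mode:<11} {reason}: {s}")
```

A string with no `sslmode` at all is reported as `prefer`, which is the case where a developer never chose a mode and still gets a connection that can fall back to plaintext.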