[koollman]

That's a strange take on the subject of db servers and ssl usage. Most db servers shouldn't be accessible on internet, which skews the announced result a lot. And, obviously, clients and servers generally won't require ssl by default, because it would make no sense in most situations. (but at least the 'prefer' default setting is mentionned) Requiring a certificate to run the server isn't something that is likely to become the default setting for a while...

[_bohm]

I think the announced results are specifically referring to servers available on the internet.

[OJFord]

That's GP's point, that's already a 'smell' (in the strict 'hm, that seems suspiciously like it might not be right' sense).

[adam_gyroscope]

(co-author) - `prefer` is... not great. That'll silently fall back to an unencrypted connection without warning the user.

If you are the one using a programming library directly, you may know that `prefer` does this. If you are using a client that doesn't expose this to you, you may not know that you are using an unencrypted connection after you had set ssl on.

[mistrial9]

do you understand that Postgres devs have been all over this since (likely) the time you were born? The conventional, real and actual servers that matter are generally not at all visible on the Internet, period. Because they know this.. its like this paper tests servers that dont care, and declare the entire product unsecure. Bad take, scare-mongering

[RL_Quine]

Who cares though? All connections to SQL servers are going to be localhost or over a VPN, if your setup for postgres has a SSL certificate you're doing something terribly wrong to begin with. I'm not even sure why the option exists to begin with, there's no use case.

[outworlder]

> if your setup for postgres has a SSL certificate you're doing something terribly wrong to begin with.

No, that's a bad take. We should encrypt everything. The reasoning for not doing so in the past was computing power. Nowadays, that's really not a problem. Even my personal servers in my home network are all operating with encrypted links - because why the heck not? At work, everything that can be encrypted is encrypted, otherwise it's a bug. Even if currently 'there's no way' for attackers to get to that particular network. Emphasis on "currently". We shouldn't be a compromise away from leaking everything. Defense in depth.

Plus, the more you are familiar with setting up encryption, the less tempted you are going to be to cut corners when you are setting up something that's at a higher risk.

[orev]

Many places have security policies that require all traffic to be encrypted, even over local networks.

[thayne]

So in that case, require ssl. But, that probably shouldn't be the default.

[RL_Quine]

So, a VPN then?

[orev]

A VPN generally connects networks, so that’s probably overkill for a database connection, but sure you could use one. Or something like stunnel, etc. or you could just use the built in feature already in Postgres. Why such resistance to simply having this option?

[RL_Quine]

It’s something akin to a layer violation to have a database server running openssl and encrypting its own communication. It isn’t it’s business at all.

[chasil]

Still, Oracle is the worst.

All the SQL transit is cleartext by default.

A "wallet" can be defined for TLS, but the Oracle Instant Client doesn't (appear to) support this functionality.

I push all my local Oracle database links over stunnel.

Oracle SQL Developer even has an SSH pane, because wallets are so very unusable.