Hacker News new | ask | show | jobs
by adam_gyroscope 1356 days ago
(co-author) - `prefer` is... not great. That'll silently fall back to an unencrypted connection without warning the user.

If you are the one using a programming library directly, you may know that `prefer` does this. If you are using a client that doesn't expose this to you, you may not know that you are using an unencrypted connection after you had set ssl on.
2 comments
mistrial9 1356 days ago
do you understand that Postgres devs have been all over this since (likely) the time you were born? The conventional, real and actual servers that matter are generally not at all visible on the Internet, period. Because they know this.. its like this paper tests servers that dont care, and declare the entire product unsecure. Bad take, scare-mongering
link
RL_Quine 1356 days ago
Who cares though? All connections to SQL servers are going to be localhost or over a VPN, if your setup for postgres has a SSL certificate you're doing something terribly wrong to begin with. I'm not even sure why the option exists to begin with, there's no use case.
link
outworlder 1354 days ago
> if your setup for postgres has a SSL certificate you're doing something terribly wrong to begin with.

No, that's a bad take. We should encrypt everything. The reasoning for not doing so in the past was computing power. Nowadays, that's really not a problem. Even my personal servers in my home network are all operating with encrypted links - because why the heck not? At work, everything that can be encrypted is encrypted, otherwise it's a bug. Even if currently 'there's no way' for attackers to get to that particular network. Emphasis on "currently". We shouldn't be a compromise away from leaking everything. Defense in depth.

Plus, the more you are familiar with setting up encryption, the less tempted you are going to be to cut corners when you are setting up something that's at a higher risk.

link
orev 1356 days ago
Many places have security policies that require all traffic to be encrypted, even over local networks.
link
thayne 1356 days ago
So in that case, require ssl. But, that probably shouldn't be the default.
link
RL_Quine 1356 days ago
So, a VPN then?
link
orev 1356 days ago
A VPN generally connects networks, so that’s probably overkill for a database connection, but sure you could use one. Or something like stunnel, etc. or you could just use the built in feature already in Postgres. Why such resistance to simply having this option?
link
RL_Quine 1356 days ago
It’s something akin to a layer violation to have a database server running openssl and encrypting its own communication. It isn’t it’s business at all.
link
imtringued 1356 days ago
This is one of the most disappointing hackernews submissions I have seen in a while. I use a private CA and client certificate authentication. It might be overkill but it is easy to implement.
link