Forum: Ruby on Rails Best way to securely connect to remote Postgres server from Rails.

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
12d36dd93362054c38e8cb7e71f58802?d=identicon&s=25 Eric Hayes (Guest)
on 2014-02-15 22:48
(Received via mailing list)
I'm wonder how most people securely connect to a Postgres database on a
server separate from the app server.

The ActiveRecord docs for a MySQL connection have explicit SSL options,
whereas with Postgres it seems one would pass SSL options as documented
for
libpq.

However a quick Googling returns SO threads with suggestions to use SSH
tunnels. Which I guess could be managed with something like AutoSSH.

I'd love to hear from anyone with experience with this. Is one method
faster than the other, or easier to maintain? —Thanks!
Af2ce6689213fdb78913a9662b18da6b?d=identicon&s=25 Rick Lloyd (ricklloyd)
on 2014-02-17 01:57
(Received via mailing list)
On Saturday, February 15, 2014 4:46:54 PM UTC-5, Eric Hayes wrote:
> tunnels. Which I guess could be managed with something like AutoSSH.
>
> I'd love to hear from anyone with experience with this. Is one method
> faster than the other, or easier to maintain? —Thanks!
>

If your remote PostgreSQL server has ssl capability compiled in (look
for
Secure TCP/IP Connections with SSL in the PostgreSQL docs), this would
be
the preferred way to go. The connection status is visible to your app
because the secure channel is established between libpg and the remote
host. Running through an SSH tunnel has the added baggage of startup and
health monitoring, along with a restart policy as required. There may
also
be a run time penalty (not sure on this one) on communication cost. In
either case, you want to use an MD5 password to establish the connection
to
the server.

You should probably get familiar with the normal PostgreSQL options and
start a conversation with your server provider.

Rick
12d36dd93362054c38e8cb7e71f58802?d=identicon&s=25 Eric Hayes (Guest)
on 2014-02-21 01:25
(Received via mailing list)
Thanks for your insight, Rick. I am the server provider :)
This topic is locked and can not be replied to.