I'm wonder how most people securely connect to a Postgres database on a server separate from the app server. The ActiveRecord docs for a MySQL connection have explicit SSL options, whereas with Postgres it seems one would pass SSL options as documented for libpq. However a quick Googling returns SO threads with suggestions to use SSH tunnels. Which I guess could be managed with something like AutoSSH. I'd love to hear from anyone with experience with this. Is one method faster than the other, or easier to maintain? —Thanks!
on 2014-02-15 22:48
on 2014-02-17 01:57
On Saturday, February 15, 2014 4:46:54 PM UTC-5, Eric Hayes wrote: > tunnels. Which I guess could be managed with something like AutoSSH. > > I'd love to hear from anyone with experience with this. Is one method > faster than the other, or easier to maintain? —Thanks! > If your remote PostgreSQL server has ssl capability compiled in (look for Secure TCP/IP Connections with SSL in the PostgreSQL docs), this would be the preferred way to go. The connection status is visible to your app because the secure channel is established between libpg and the remote host. Running through an SSH tunnel has the added baggage of startup and health monitoring, along with a restart policy as required. There may also be a run time penalty (not sure on this one) on communication cost. In either case, you want to use an MD5 password to establish the connection to the server. You should probably get familiar with the normal PostgreSQL options and start a conversation with your server provider. Rick
on 2014-02-21 01:25
Thanks for your insight, Rick. I am the server provider :)