Forum: Ruby on Rails Best way to securely connect to remote Postgres server from Rails.

12d36dd93362054c38e8cb7e71f58802?d=identicon&s=25 Eric Hayes (Guest)
on 2014-02-15 22:48
(Received via mailing list)
I'm wonder how most people securely connect to a Postgres database on a
server separate from the app server.

The ActiveRecord docs for a MySQL connection have explicit SSL options,
whereas with Postgres it seems one would pass SSL options as documented
for
libpq.

However a quick Googling returns SO threads with suggestions to use SSH
tunnels. Which I guess could be managed with something like AutoSSH.

I'd love to hear from anyone with experience with this. Is one method
faster than the other, or easier to maintain? —Thanks!
Af2ce6689213fdb78913a9662b18da6b?d=identicon&s=25 Rick Lloyd (ricklloyd)
on 2014-02-17 01:57
(Received via mailing list)
On Saturday, February 15, 2014 4:46:54 PM UTC-5, Eric Hayes wrote:
> tunnels. Which I guess could be managed with something like AutoSSH.
>
> I'd love to hear from anyone with experience with this. Is one method
> faster than the other, or easier to maintain? —Thanks!
>

If your remote PostgreSQL server has ssl capability compiled in (look
for
Secure TCP/IP Connections with SSL in the PostgreSQL docs), this would
be
the preferred way to go. The connection status is visible to your app
because the secure channel is established between libpg and the remote
host. Running through an SSH tunnel has the added baggage of startup and
health monitoring, along with a restart policy as required. There may
also
be a run time penalty (not sure on this one) on communication cost. In
either case, you want to use an MD5 password to establish the connection
to
the server.

You should probably get familiar with the normal PostgreSQL options and
start a conversation with your server provider.

Rick
12d36dd93362054c38e8cb7e71f58802?d=identicon&s=25 Eric Hayes (Guest)
on 2014-02-21 01:25
(Received via mailing list)
Thanks for your insight, Rick. I am the server provider :)
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.