Musings about Entrepreneurship, Technology and Software Development

Accidental Technologist


Ruby on Rails – Supporting SSL for PostgreSQL on Heroku


For anyone who received this notice from Heroku:

Since 2016, all newly-provisioned Heroku Postgres databases have enforced the use of SSL to keep your data safe. However, one or more of your Postgres databases are running on legacy infrastructure, which does not enforce the use of SSL. In order to update your database to our security standards, and in response to potential impacts caused by Spectre and Meltdown, all databases – including those on legacy infrastructure – will be moved to our new Heroku PGX plans in a set of maintenances starting in March 2018 and concluding by April 2018. 

What Do I Need to Do
In preparation for these maintenances, please check that your applications are using SSL to connect to your Postgres database and enable SSL connections if needed. Instructions on how to perform these steps are available in Dev Center.

If you’re using Rails 4.1+, there is a support article on the Heroku Dev Center that helps clarify making updates to our database.yml file. This file allows customizing some connection behavior to PostgreSQL.

Some parts of the database.yml file cannot be changed:

You cannot use the config/database.yml to set any values found in ENV['DATABASE_URL']. This is a list of attributes you cannot change:

  • adapter
  • database
  • username
  • password
  • host
  • port

What can be changed, however, includes sslmode.

production:
  sslmode: require  # one of: disable | allow | prefer | require
  pool: 15

I decided it would be helpful to reach out to Heroku to understand their guidance with regard to their notice. Their response:

If you’re using the pg gem, the default sslmode setting (and for libpq, the library that underpins it), is prefer – this means that should the server have SSL support, it will be used when the connection is established. This means there should be no action required, though if you wish, it’s worth a test with spinning up a staging environment with a non-legacy Postgres instance.

It seems that if you’re using Ruby on Rails with the pg gem, you should be OK doing nothing, but with brownout periods scheduled, it’s probably a good idea to test during one of those times.

Heroku Support also indicated that setting the environment variable PGSSLMODE would override the default behavior for sslmode used by libpq.
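
The sslmode settings discussed above, as an added example that is not code from this post or from Heroku: a Ruby resolver that reports which setting wins and whether it would let the connection fall back to plaintext. The precedence order (DATABASE_URL query string, then database.yml, then PGSSLMODE, then the libpq default), the function name effective_sslmode and the sample URL are assumptions of this example.

```ruby
require "uri"

# sslmode values from the post, plus libpq's verify-ca and verify-full,
# mapped to whether the client refuses an unencrypted connection.
SSL_ENFORCED = {
  "disable"     => false, # never use SSL
  "allow"       => false, # plaintext first, SSL only if the server insists
  "prefer"      => false, # SSL first, silent fallback to plaintext
  "require"     => true,  # encrypted; certificate not verified by default
  "verify-ca"   => true,  # encrypted, certificate chain verified
  "verify-full" => true   # encrypted, chain and hostname verified
}.freeze

LIBPQ_DEFAULT = "prefer" # default quoted by Heroku Support in the post

# Resolve which sslmode a Rails app ends up with. Assumed precedence,
# highest first: DATABASE_URL query string, config/database.yml,
# PGSSLMODE, libpq default.
def effective_sslmode(database_url: nil, yml_config: {}, env: {})
  query = database_url && URI.parse(database_url).query
  from_url = query && URI.decode_www_form(query).to_h["sslmode"]
  candidates = [
    [from_url, "DATABASE_URL"],
    [yml_config["sslmode"], "database.yml"],
    [env["PGSSLMODE"], "PGSSLMODE"],
    [LIBPQ_DEFAULT, "libpq default"]
  ]
  mode, source = candidates.find { |value, _| value && !value.empty? }
  unless SSL_ENFORCED.key?(mode)
    raise ArgumentError, "unknown sslmode #{mode.inspect} from #{source}"
  end
  { mode: mode, source: source, enforced: SSL_ENFORCED[mode] }
end

# Constructed sample URL, not a real host or credential.
SAMPLE_URL = "postgres://app_user:example-password@db.example.invalid:5432/app_db"

if __FILE__ == $PROGRAM_NAME
  [
    { database_url: SAMPLE_URL },
    { database_url: SAMPLE_URL, env: { "PGSSLMODE" => "require" } },
    { database_url: SAMPLE_URL, yml_config: { "sslmode" => "require" } },
    { database_url: "#{SAMPLE_URL}?sslmode=disable",
      yml_config: { "sslmode" => "require" } }
  ].each { |args| puts effective_sslmode(**args).inspect }
end
```

On a live connection, the pg gem's PG::Connection#ssl_in_use? reports whether SSL was actually negotiated.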

It seems this is a notice which doesn’t affect a majority of Heroku customers and is a necessary and worthwhile upgrade. Hopefully this helps others, as the public information available for this from Heroku is minimal.


February 5, 2018 Posted in Ruby on Rails Tagged With: heroku, postgresql, Ruby on Rails
