-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add various SSL modes #34
Conversation
2540ee7
to
5d35e30
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello! Thank you for this and the detail you've gone into here.
After reading the documentation I no longer know what the correct configuration is. Why is it that it's called verify and enabled when the others talk of a "require"? How do they match up? What's the optimal configuration?
If you're not able to understand the correct configuration by reading the README, it means the README is badly worded! I'll cook another version and come back with it 🙂 To answer your question, I wanted to stick with standard PG connection URI, so that's why there's |
Gosh that's confusing, I feel both Erlang and PostgreSQL could have done better here! I think the most important thing for me is that it's clear what the optimal and most secure option is, and that it's the default to prevent people accidentally being insecure. Thanks again |
Is there any progress on this? 👀 Using hosted postgres services like neon.tech or xata.io requires developers to set ssl options 👍🏻 |
5d35e30
to
8ea17b4
Compare
It took me long time, but I think it's finally in a much better way than before. Tell me @lpil if it seems better to you, or if you think there's still things to change. |
da4c813
to
164cf1e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking super nice! I've left 1 bike-sheddy question below.
Could you also add annotations to all the functions please, some are missing the return annotation.
SslEnabled | ||
/// Disable SSL connection. | ||
SslDisabled | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bike shedding on names here!
It kinda sounds like "disabled" is more safe than "unsafe", but I would have thought that enabled > verified but unchecked > unverified. Is that right? Could the names get scarier and uglier as they get less secure?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea is SslEnabled
> SslUnsafe
> SslDisabled
. Maybe we can use SslVerified
> SslUnverified
> SslDisabled
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implemented this.
Thank you for the work on this! Just wanted to add that it should fix issues like this one from squirrel with connecting to DBs that require SSL, since currently the Hope this can be added soon! |
8e58f51
to
e03115b
Compare
e03115b
to
486fd3a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!!!
Hi!
Continuing on my work on PGO, I think it would be better to support the diverse options supported by PG, to try to get a 1:1 support of connection strings, but also to solve common problems when people don't know how to handle CA certificates. More arguments:
As I suspected here, but it seems to be a common issue across PG users. For example,
node-pg
assumes user is in modesslmode=require
when activating SSL. Digital Ocean too recommend to usesslmode=require
by default. If we don't support the different modes, I'm afraid we'll have a lot of issues because providers assumes whether users are powerful DevOps, able to manage CA certificates by hand, or they will just bypass SSL security. Or we'll have a lot of education to do.Talking about education, while I think it's important to let users be able to do what they want, I think it's important to do things right on security. README now includes a full section on SSL, and how it should be configured. I'm not sure it's desired here. Maybe we should have it in a separated doc, and reference it in
gleam.toml
docs section? I'm afraid people won't read it then. 😂