Tuesday, 15 September 2020

Is it ok to be setting rejectUnauthorized to false in production PostgreSQL connections?

We recently moved to Heroku and upon attempting to connect our apps to the DB, it kept rejecting our queries with the message "Self signed certificate". Passing in rejectUnauthorized solved for this but now I'm wondering, should we be doing this in production? If not, what is the appropriate way for us to be connecting to our Heroku PG Databases?

const pgp = require('pg-promise')(/*initOptions*/);
const {ConnectionString} = require('connection-string');

const cnObj = new ConnectionString(process.env.DATABASE_URL);

const cn = {
  host: cnObj.hostname,
  port: cnObj.port,
  database: cnObj.path?.[0],
  user: cnObj.user,
  password: cnObj.password,
  ssl: {
    rejectUnauthorized: false,
  },
};

const db = pgp(cn);
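
What the `ssl` block above changes, as an added example that is not part of the original post: `rejectUnauthorized: false` keeps the connection encrypted but accepts any server certificate, while passing the issuing CA keeps verification on. It assumes the CA certificate for the database server is available to the app; `PG_CA_CERT`, `PG_TLS_INSECURE`, `buildSslConfig`, `buildConnection` and the sample values are hypothetical names, not Heroku or pg settings.

```javascript
// Added example: fail-closed TLS options for a pg / pg-promise connection object.
// PG_CA_CERT and PG_TLS_INSECURE are hypothetical environment variable names.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/;

function buildSslConfig(env) {
  // PEMs stored in env vars often carry literal "\n"; turn them into newlines.
  const ca = (env.PG_CA_CERT || '').replace(/\\n/g, '\n').trim();

  if (ca) {
    if (!PEM_CERT.test(ca)) {
      throw new Error('PG_CA_CERT is set but is not a PEM certificate');
    }
    // Verified TLS: the server certificate must chain to this CA.
    return { rejectUnauthorized: true, ca };
  }
  if (env.PG_TLS_INSECURE === '1') {
    // Unverified TLS is an explicit opt-in and is never allowed in production.
    if (env.NODE_ENV === 'production') {
      throw new Error('refusing unverified TLS in production');
    }
    return { rejectUnauthorized: false };
  }
  // No CA supplied: verify against Node's default trust store.
  return { rejectUnauthorized: true };
}

function buildConnection(env) {
  const url = new URL(env.DATABASE_URL);
  return {
    host: url.hostname,
    port: Number(url.port) || 5432,
    database: url.pathname.replace(/^\//, ''),
    user: decodeURIComponent(url.username),
    password: decodeURIComponent(url.password),
    ssl: buildSslConfig(env),
  };
}

// Constructed sample environment; the PEM body is a placeholder, not a real certificate.
const SAMPLE_ENV = {
  NODE_ENV: 'production',
  DATABASE_URL: 'postgres://app_user:s3cret@db.example.internal:5432/appdb',
  PG_CA_CERT: '-----BEGIN CERTIFICATE-----\\nCONSTRUCTED-PLACEHOLDER\\n-----END CERTIFICATE-----',
};
```

The object returned by `buildConnection(process.env)` has the same shape as `cn` in the question and can be passed to `pgp(...)`.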

