Do you need ssl for connection between mongolab and heroku? Do you need ssl for connection between mongolab and heroku? heroku heroku

Do you need ssl for connection between mongolab and heroku?


node.js heroku mongoose mlab

From MongoLab's documentation:

Securing communications to your database

You should always try to place your application infrastructure and your database in the same local network (i.e., datacenter / cloud region), as it will be the most secure method of deployment and will minimize latency between your application and database.

When you connect to your MongoLab database from within the same datacenter/region, you communicate over your cloud hosting provider’s internal network. All of our cloud hosting providers provide a good deal of network security infrastructure to isolate tenants. The hypervisors used do not allow VMs to read network traffic addressed to other VMs and so no other tenant can “sniff” your traffic.

However, when you connect to your MongoLab database from a different datacenter/region, your communications are less secure. While your database does require username / password authentication (with credentials that are always encrypted on the network), the rest of your data is transmitted unencrypted over the open internet. As such you are potentially vulnerable to others “sniffing” your traffic.

Using MongoDB with SSL connections

Available for Dedicated plans running MongoDB 2.6+ only

To further secure communications to your database, MongoLab offers SSL-encrypted MongoDB connections on Dedicated plans running MongoDB 2.6 or later. Even when using SSL, we still recommend placing your application infrastructure and your database in the same datacenter/region to minimize latency and add another layer of security.

node.js heroku mongoose mlab

I did the same thing as you and sent email to ask mongolab for detail. I got the answer, sharing it with you and hope it can help you.The below is the reply.

As long as your Heroku app and MongoLab database are in the same cloud region, we consider it safe to communicate between Heroku and MongoLab, as AWS' infrastructure prevents packet-sniffing within regions. If you use the MongoLab addon on Heroku this is automatic, but if you use a deployment provisioned directly at mongolab.com you'll need to manually select the matching region.

It looks like the connection between heroku and mongolab is in the same region. Both are secured by AWS so I guesss you don't need SSL. If you need it to be very safe, you still need SSL for extra security.

Hope it can help

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last