
How secure is using RDS Postgres with Heroku? [closed]


But how secure is it? Can't somebody just log into my database?

Not without the password (assuming you're using MD5 auth), which is only transmitted in hashed form. This isn't particularly strong; there's no two-way handshake and it's prone to replay attacks. So you should use SSL too.

Can't they just snoop traffic?

Not if you use SSL, which you should. The attacker would have to be able to intercept the traffic though, so even if you send your traffic in the clear it's not like Joe Average can just take a peek.

Is it any less secure than if I were to use the standard Postgres with Heroku?

Probably much the same so long as you use SSL connections - but note that I'm not an expert in Heroku's architecture.

The main thing that'd make a difference would be if Heroku isolated the app dynos and the database nodes using a security group so that the database nodes couldn't talk to the outside world or receive connections from anywhere except the dynos. They don't do that, since you can connect to your DBs directly over SSL.

Is encryption at rest good enough?

Not if you're using MD5 password authentication, no. You should use SSL.

FYI: There is no way to force the use of SSL with postgres on RDS

Not server-side (which is stupid, they should let you configure hostssl and hostnossl entries in pg_hba.conf) but you can force it client-side, as you did in your example connection setup.

You could always use an EC2 instance directly, where you can configure PostgreSQL however you like. It's cheaper than using RDS too, but you have to manage your own backups, replication, etc.

I'm using Amazon RDS Postgres with my Heroku instance because it is more cost effective.

What's funny about that is that Heroku's database service is also based on AWS EC2.


Security tips:

  • Do not use a superuser account for your application. The superuser should only be used manually for setup.

  • If possible your application account should not own the tables; you should use a different account to run DDL. If your app uses a least-privileges account for normal operation you limit what attackers can do.

  • If you can, put your database in an EC2 security group that is only accessible by your Heroku appservers and by your personal ISP. This limits exposure to things like password brute-force attacks, DoS attempts, etc. (This might not be possible; you'd need to know the EC2 security group IDs of your Heroku dynos, or the IP range(s) they use).

  • Use long, randomly generated passwords for your application users.

  • Use SSL unless you're on a tightly access-controlled network. If you weren't using RDS, I'd tell you to use hostssl entries in pg_hba.conf so non-SSL connections are just denied. Since you're using RDS you just have to make sure of it client-side.

  • (Less relevant for RDS, but): Apply patch releases promptly. Don't still be running 9.2.2 when 9.2.10 is out. On RDS this means prompt instance reboots when updates become available.
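The tips above come down to three client-side controls the app itself has to apply, because RDS will not refuse non-SSL clients for you: pin a certificate-verifying sslmode in the connection string, generate long random passwords, and run the app as a non-owner, non-superuser role. The following is an added example (not code from the answer or from Heroku/AWS) that implements those three as small Python helpers. It assumes the app reads a libpq-style DATABASE_URL from its environment; the CA bundle path, the role names and the sample URL are placeholders constructed for the example.

```python
"""Client-side hardening helpers for a Postgres DATABASE_URL (added example)."""
import secrets
import string
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# sslmode values that both encrypt the session and verify the server's
# certificate. Plain "require" encrypts but does not check who you talk to.
VERIFYING_SSLMODES = {"verify-ca", "verify-full"}

# Placeholder path (assumption): where the RDS CA bundle is stored in the app.
RDS_CA_BUNDLE = "/app/config/rds-ca-bundle.pem"


def enforce_ssl(database_url: str, sslrootcert: str = RDS_CA_BUNDLE) -> str:
    """Return database_url with sslmode=verify-full and sslrootcert set.

    Any existing query parameters (application_name, connect_timeout, ...)
    are preserved; an existing weaker sslmode is overridden.
    """
    parts = urlsplit(database_url)
    if parts.scheme not in ("postgres", "postgresql"):
        raise ValueError(f"not a postgres URL: {parts.scheme!r}")
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    params["sslmode"] = "verify-full"
    params["sslrootcert"] = sslrootcert
    return urlunsplit(parts._replace(query=urlencode(params)))


def ssl_is_enforced(database_url: str) -> bool:
    """True only if the URL pins a certificate-verifying sslmode."""
    params = dict(parse_qsl(urlsplit(database_url).query))
    return params.get("sslmode") in VERIFYING_SSLMODES


PASSWORD_ALPHABET = string.ascii_letters + string.digits


def make_password(length: int = 40) -> str:
    """Long random password for an application role, from the OS CSPRNG."""
    if length < 24:
        raise ValueError("use at least 24 characters")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def quote_ident(name: str) -> str:
    """Double-quote a SQL identifier, doubling embedded quotes."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Single-quote a SQL string literal, doubling embedded quotes."""
    return "'" + value.replace("'", "''") + "'"


def role_setup_sql(database: str, owner: str, app_user: str, password: str) -> list:
    """SQL a superuser runs once: an owner role that holds the tables (DDL)
    and a separate login role with DML-only default privileges for the app."""
    db, own, app = quote_ident(database), quote_ident(owner), quote_ident(app_user)
    return [
        f"CREATE ROLE {own} NOLOGIN;",
        f"CREATE ROLE {app} LOGIN PASSWORD {quote_literal(password)};",
        f"GRANT CONNECT ON DATABASE {db} TO {app};",
        f"GRANT USAGE ON SCHEMA public TO {app};",
        f"ALTER DEFAULT PRIVILEGES FOR ROLE {own} IN SCHEMA public "
        f"GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO {app};",
        f"ALTER DEFAULT PRIVILEGES FOR ROLE {own} IN SCHEMA public "
        f"GRANT USAGE, SELECT ON SEQUENCES TO {app};",
    ]


if __name__ == "__main__":
    # Constructed sample URL; no real host or credentials.
    url = "postgres://app_user:s3cret@example-db.rds.amazonaws.com:5432/appdb"
    hardened = enforce_ssl(url)
    print(hardened)
    print("ssl enforced:", ssl_is_enforced(hardened))
    pw = make_password()
    for stmt in role_setup_sql("appdb", "app_owner", "app_user", pw):
        print(stmt)
```

Run the generated role statements as the superuser during setup, then point the app only at the hardened URL; migrations run as the owner role, normal traffic as the app role, and a leaked app password cannot drop or alter tables.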