dmurray 2 hours ago
Doesn't it also make sense in the context of modern networking assumptions? I've never had to connect to Postgres in an adversarial environment. I've been at work or at home and I connected to Postgres instances owned by me or my employer. If I tried to connect to my work instance from a coffee shop, the first thing I'd do would be to log in to a VPN. That's your multiplexed protocol layer right there: the security happens at the network layer and your cancel happens at the application layer. This is a different situation from websites. I connect to websites owned by third parties all the time, and I want my communication there to be encrypted at the application layer.
xmcqdpt2 an hour ago
Zero trust security, which is becoming increasingly common, is based on removing the internal / external network dichotomy entirely. Everything should be assumed to be reachable from the open internet (so SSO, OIDC everywhere.)
gruez an hour ago
> I've never had to connect to Postgres in an adversarial environment.

Heroku's Postgres database service still exposes itself on the public internet.