Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Heroku Postgres – after all those years – still is vulnerable to MITM attacks. You can't reliably verify the authenticity of the connection between Heroku's Dyno and the Postgres database.

They use self-signed certificates on Heroku Postgres servers without a certificate authority present in the chain. No chance to establish reliable peer verification. A shame, I would love to use Heroku more often without compromising security.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: