Search code examples
javascriptpostgresqlexpressherokuheroku-cli

Is there a way to disable security on heroku Postgres db?

My project doesn't involve any private information, so I don't care about vulnerabilities.

I am certain that the connection between the App/server and the DB is the problem. I tried to looking on Youtube and on Google, but the answers were outdated or they just didn't work for me. However, connecting to the database with heroku psql (cli) or connecting with pgAdmin4 using db creds and querying, creating tables works fine.

Following this guy's tutorial https://github.com/ousecTic/pern-deploy-tutorial

Errors:

const pool = new Pool({
    connectionString: process.env.DATABASE_URL,
    ssl: true,
});
------------------------------------------------------------------------
2022-02-12T11:02:33.058860+00:00 heroku[web.1]: State changed from starting to up
2022-02-12T11:02:34.275213+00:00 app[web.1]: node:internal/process/promises:265
2022-02-12T11:02:34.275240+00:00 app[web.1]: triggerUncaughtException(err, true /* fromPromise */);
2022-02-12T11:02:34.275241+00:00 app[web.1]: ^
2022-02-12T11:02:34.275241+00:00 app[web.1]: 
2022-02-12T11:02:34.275241+00:00 app[web.1]: Error: self signed certificate
2022-02-12T11:02:34.275242+00:00 app[web.1]: at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
2022-02-12T11:02:34.275242+00:00 app[web.1]: at TLSSocket.emit (node:events:520:28)
2022-02-12T11:02:34.275242+00:00 app[web.1]: at TLSSocket._finishInit (node:_tls_wrap:944:8)
2022-02-12T11:02:34.275243+00:00 app[web.1]: at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {
2022-02-12T11:02:34.275243+00:00 app[web.1]: code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
2022-02-12T11:02:34.275243+00:00 app[web.1]: }
-------------------------------------------------------------------------

const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
});
------------------------------------------------------------------------------------
2022-02-12T11:19:13.660398+00:00 app[web.1]: { description: 'jhoipjo' } <<console.log() 
2022-02-12T11:19:13.681933+00:00 app[web.1]: no pg_hba.conf entry for host "3.86.151.70", user "user", database "database", SSL off
------------------------------------------------------------------------------------

const pool = new Pool({
    connectionString: process.env.DATABASE_URL,
    ssl: false,
});
------------------------------------------------------------------------------------

2022-02-12T11:58:50.711988+00:00 app[web.1]: /app/node_modules/pg-protocol/dist/parser.js:287
2022-02-12T11:58:50.712007+00:00 app[web.1]: const message = name === 'notice' ? new messages_1.NoticeMessage(length, messageValue) : new messages_1.DatabaseError(messageValue, length, name);
2022-02-12T11:58:50.712008+00:00 app[web.1]: ^
2022-02-12T11:58:50.712009+00:00 app[web.1]: 
2022-02-12T11:58:50.712010+00:00 app[web.1]: error: no pg_hba.conf entry for host "3.236.98.211", user "user", database "database", SSL off
2022-02-12T11:58:50.712010+00:00 app[web.1]: at Parser.parseErrorMessage (/app/node_modules/pg-protocol/dist/parser.js:287:98)
2022-02-12T11:58:50.712011+00:00 app[web.1]: at Parser.handlePacket (/app/node_modules/pg-protocol/dist/parser.js:126:29)
2022-02-12T11:58:50.712012+00:00 app[web.1]: at Parser.parse (/app/node_modules/pg-protocol/dist/parser.js:39:38)
2022-02-12T11:58:50.712013+00:00 app[web.1]: at Socket.<anonymous> (/app/node_modules/pg-protocol/dist/index.js:11:42)
2022-02-12T11:58:50.712014+00:00 app[web.1]: at Socket.emit (node:events:520:28)
2022-02-12T11:58:50.712014+00:00 app[web.1]: at addChunk (node:internal/streams/readable:315:12)
2022-02-12T11:58:50.712014+00:00 app[web.1]: at readableAddChunk (node:internal/streams/readable:289:9)
2022-02-12T11:58:50.712014+00:00 app[web.1]: at Socket.Readable.push (node:internal/streams/readable:228:10)
2022-02-12T11:58:50.712015+00:00 app[web.1]: at TCP.onStreamRead (node:internal/stream_base_commons:190:23) {
2022-02-12T11:58:50.712015+00:00 app[web.1]: length: 166,
2022-02-12T11:58:50.712016+00:00 app[web.1]: severity: 'FATAL',
2022-02-12T11:58:50.712016+00:00 app[web.1]: code: '28000',
2022-02-12T11:58:50.712016+00:00 app[web.1]: detail: undefined,
2022-02-12T11:58:50.712017+00:00 app[web.1]: hint: undefined,
2022-02-12T11:58:50.712017+00:00 app[web.1]: position: undefined,
2022-02-12T11:58:50.712017+00:00 app[web.1]: internalPosition: undefined,
2022-02-12T11:58:50.712018+00:00 app[web.1]: internalQuery: undefined,
2022-02-12T11:58:50.712018+00:00 app[web.1]: where: undefined,
2022-02-12T11:58:50.712018+00:00 app[web.1]: schema: undefined,
2022-02-12T11:58:50.712018+00:00 app[web.1]: table: undefined,
2022-02-12T11:58:50.712019+00:00 app[web.1]: column: undefined,
2022-02-12T11:58:50.712019+00:00 app[web.1]: dataType: undefined,
2022-02-12T11:58:50.712019+00:00 app[web.1]: constraint: undefined,
2022-02-12T11:58:50.712019+00:00 app[web.1]: file: 'auth.c',
2022-02-12T11:58:50.712019+00:00 app[web.1]: line: '496',
2022-02-12T11:58:50.712019+00:00 app[web.1]: routine: 'ClientAuthentication'
2022-02-12T11:58:50.712020+00:00 app[web.1]: }
------------------------------------------------------------------------------------
Solution

  • the app was a nodejs blogging app so there was no need for security

    const pool = new Pool({
    connectionString: process.env.DATABASE_URL,
   
         ssl: {
        rejectUnauthorized: false,
    },
   
});