Do you use Heroku Private Spaces? If not, it means your Heroku Postgres is publicly exposed to anyone how gets his hands on the credentials. Can you live with it?
How many requests per minute dose your dyno serve in the busy hours? Can you shed some light on this?
If you send me your db's connection string, I can just open my sql client and read/update whatever I want.
If your db is in a Private Space it is accessible only via a specific IP. So in this case, even of your db's connection string falls into the hand of an attacker, he cannot access the db.
Hi 🙂
Thanks for sharing.
Do you use Heroku Private Spaces? If not, it means your Heroku Postgres is publicly exposed to anyone how gets his hands on the credentials. Can you live with it?
How many requests per minute dose your dyno serve in the busy hours? Can you shed some light on this?
What? How is it exposed?
If you send me your db's connection string, I can just open my sql client and read/update whatever I want.
If your db is in a Private Space it is accessible only via a specific IP. So in this case, even of your db's connection string falls into the hand of an attacker, he cannot access the db.
Who would send one, one?
A private space costs $1000/month. Even a CEO wouldn't pay for that much for his/her side project.
Ah ok (-:
If it's in the context of a side project it's not really an issue.
I was thinking more in the direction of a production app.