It makes me a bit tired that I am currently responding to an incident about my colleague changing shit with postgres to enable using TLS instead of unencrypted password auth.
-
It makes me a bit tired that I am currently responding to an incident about my colleague changing shit with postgres to enable using TLS instead of unencrypted password auth.
It wasn't a priority, or even considered, for over 4 years of me working here. But someone mentioned it last week and now he immediately implemented it and shipped it even though I have OTHER shit to deal with than this.
Sure, TLS is cool, but this:
- wasn't requested by anyone we need to care about
- doesn't solve an immediate security issue
- doesn't support any application requirements
it's just a huge change for the sake of having TLS on postgres suddenly.
-
It makes me a bit tired that I am currently responding to an incident about my colleague changing shit with postgres to enable using TLS instead of unencrypted password auth.
It wasn't a priority, or even considered, for over 4 years of me working here. But someone mentioned it last week and now he immediately implemented it and shipped it even though I have OTHER shit to deal with than this.
Sure, TLS is cool, but this:
- wasn't requested by anyone we need to care about
- doesn't solve an immediate security issue
- doesn't support any application requirements
it's just a huge change for the sake of having TLS on postgres suddenly.
@rune did he just read an article or something about so-called "zero trust"?
