Skip to content

DBMigrate: allow unauthorized connections to DB #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SteRiccio merged 2 commits into from
Jan 5, 2026
Merged

DBMigrate: allow unauthorized connections to DB #96

SteRiccio merged 2 commits into from
Jan 5, 2026

Conversation

@SteRiccio
Copy link
Member

@SteRiccio SteRiccio commented Jan 5, 2026

No description provided.

@SteRiccio SteRiccio requested a review from Copilot January 5, 2026 12:16
@SteRiccio SteRiccio self-assigned this Jan 5, 2026
Copilot AI reviewed Jan 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modifies the database migration SSL configuration to support unauthorized SSL connections by utilizing the pgSslAllowUnauthorized environment variable. When enabled, this allows SSL connections without certificate validation.

Key changes:

  • Modified SSL configuration to conditionally set rejectUnauthorized: false based on the pgSslAllowUnauthorized flag
  • The configuration applies uniformly across development, production, and test environments

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/db/dbMigrator/dbMigrate.ts Outdated
Comment on lines 19 to 23
ssl: ProcessEnv.pgSslAllowUnauthorized
? {
rejectUnauthorized: false,
}
: ProcessEnv.pgSsl,
Copy link

Copilot AI Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SSL configuration change applies to all environments including production (see line 31 in getConfig). Allowing unauthorized SSL connections in production environments can expose the application to man-in-the-middle attacks and defeats the purpose of SSL/TLS encryption.

Consider whether pgSslAllowUnauthorized should only be respected in development/test environments, or add explicit warnings in documentation about the security implications of enabling this setting in production.

Suggested change
ssl: ProcessEnv.pgSslAllowUnauthorized
? {
rejectUnauthorized: false,
}
: ProcessEnv.pgSsl,
ssl:
ProcessEnv.nodeEnv !== 'production' && ProcessEnv.pgSslAllowUnauthorized
? {
rejectUnauthorized: false,
}
: ProcessEnv.pgSsl,

Copilot uses AI. Check for mistakes.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@SteRiccio SteRiccio merged commit efb4b4c into master Jan 5, 2026
5 checks passed
@SteRiccio SteRiccio deleted the fix/dbmigrate-allow-unauthorized branch January 5, 2026 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@SteRiccio SteRiccio

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SteRiccio