4

I'm setting up my own postgres database to use with a heroku app (I don't wanna pay $200 a month just to have postgis, I don't need a huge database or anything, just postgis). I'm enabling remote access to my postgres database but it seems I have to do it on a per-ip basis with something like the following line in my pg_hba.conf file:

host all all 67.162.57.30/8 md5

Now that's all fine and good, except I have no idea from what ip heroku will be trying to access my database. I was considering just changing the line to:

host all all 0.0.0.0/0 md5

But that feels dangerous. So two part question:

  1. Is this really as dangerous as I feel it is?

  2. If it really is as dangerous as I feel it is, is there a different way to approach the problem?

Kurtis Nusbaum
  • 183
  • 7

1 Answers1

3

Make sure you change pg_hba to only allow SSL connections and you should be ok. You should also look into certificate based authentication. You may be interested in the new $50/month production database plan instead of the previous $200/mo entry point.

mgorven
  • 30,615
  • 7
  • 79
  • 122
Will
  • 131
  • 1