Open cd15oy opened 5 years ago
Basically we just need to follow the instructions here https://www.postgresql.org/docs/9.1/ssl-tcp.html
This is for using SSL when communicating with the database. In effect the database will still have a username and password, but it will refuse any connection if the person connecting does not have a trusted certificate. Whenever the front-end asks the back-end to do work, the front-end will provide the back-end with a username, password, and trusted certificate.
Our back-end is using HTTPS, so if we have a proper certificate the front-end can be sure that it's actually talking to the DB, and that the communication is private. Since the front-end actually generates and provides a trusted certificate, it knows that the back-end is actually us. On the back-end we just need to verify that the provided certificate is for a domain that the job-submitter owns, otherwise a third party could submit phony jobs and basically trick us into DDoSing someone.
Currently the database is accessed at an address taken from a config file on the back-end. When a job is submitted to the back-end, that job should contain the address of the DB to update; the submitted job should also contain a key which will allow the back-end to update the DB. The back-end should use this key, not our username and password, to update the DB. The front-end can then deauthorize this key at its leisure.
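The per-job key scheme proposed above (a key carried in the submitted job, checked by the back-end, revocable by the front-end at any time), together with the libpq TLS settings the linked PostgreSQL page covers from the client side, as an added example. This is illustrative code written for this issue, not the project's own implementation; the HMAC-signed token format, the shared secret, the `job_id`/`db`/`exp` field names, the `db.example.test` address and the certificate paths are all assumptions.

```python
"""Per-job scoped DB keys with revocation, plus libpq TLS parameters.

Hypothetical helper code added to illustrate the proposal in the issue;
it is not part of the project.
"""
import base64
import hashlib
import hmac
import json
import time


def _sign(secret: bytes, body: str) -> str:
    # HMAC-SHA256 over the encoded payload; the secret is shared by the
    # front-end (issuer) and the back-end (verifier). Assumption: a shared
    # secret is acceptable for this deployment.
    return hmac.new(secret, body.encode("ascii"), hashlib.sha256).hexdigest()


class JobKeyIssuer:
    """Front-end side: mints per-job keys and keeps the revocation list."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.revoked = set()  # keys the front-end has deauthorized

    def issue(self, job_id: str, db_address: str, ttl_seconds: int, now=None) -> str:
        # Bind the key to one job, one DB address and an expiry so a stolen
        # key cannot be pointed at a different database or used indefinitely.
        now = time.time() if now is None else now
        payload = {"job_id": job_id, "db": db_address, "exp": int(now) + ttl_seconds}
        body = base64.urlsafe_b64encode(
            json.dumps(payload, sort_keys=True).encode("utf-8")
        ).decode("ascii")
        return f"{body}.{_sign(self._secret, body)}"

    def revoke(self, key: str) -> None:
        self.revoked.add(key)


def verify_job_key(secret: bytes, key: str, revoked: set, now=None):
    """Back-end side: returns (payload, None) on success or (None, reason)."""
    now = time.time() if now is None else now
    if key in revoked:
        return None, "revoked"
    try:
        body, tag = key.split(".", 1)
    except ValueError:
        return None, "malformed"
    # Constant-time comparison so the tag check does not leak timing.
    if not hmac.compare_digest(tag, _sign(secret, body)):
        return None, "bad signature"
    payload = json.loads(base64.urlsafe_b64decode(body.encode("ascii")))
    if payload["exp"] <= now:
        return None, "expired"
    return payload, None


def libpq_params(payload: dict, ca_cert: str, client_cert: str, client_key: str) -> dict:
    """Connection parameters the back-end would hand to libpq (e.g. psycopg2).

    sslmode=verify-full is the only mode that checks both the server's
    certificate chain (against sslrootcert) and that the certificate name
    matches the host we asked for; 'require' alone does neither.
    The DB role used for this job is resolved from the verified key by the
    back-end and is out of scope here (assumption).
    """
    host, _, rest = payload["db"].partition(":")
    port, _, dbname = rest.partition("/")
    return {
        "host": host,
        "port": int(port),
        "dbname": dbname,
        "sslmode": "verify-full",
        "sslrootcert": ca_cert,
        "sslcert": client_cert,   # client certificate presented to the server
        "sslkey": client_key,
    }


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    issuer = JobKeyIssuer(secret)
    key = issuer.issue("job-42", "db.example.test:5432/jobs", 3600)
    print(verify_job_key(secret, key, issuer.revoked))
    issuer.revoke(key)
    print(verify_job_key(secret, key, issuer.revoked))
```

The back-end should reject a key that fails any of the four checks (revoked, malformed, bad signature, expired) before it opens a database connection at all, and it should only ever connect with `sslmode=verify-full`; with a weaker `sslmode` the address carried in the job could be pointed at a host whose certificate is never validated.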