Closed jmn closed 7 years ago
Thanks for your question!
Not by default, no. Despite being for Heroku applications, there's no constraint on this application to actually be run on Heroku. There's nothing to stop you enabling Stunnel a particular deployment of the app using the above guide but (for now at least) I consider it out of scope for the default install.
Happy to take further guidance on this though as it's not something i'm particularly knowledgeable of.
Is this software using secure communication (https://devcenter.heroku.com/articles/securing-heroku-redis) such as stunnel to communicate with redis? If not, what are the implications of a possible attack?