We would like to use SSL to secure data transmission between our app server and postgres server as they are both on the public internet. We cannot use SSH tunnels as our infrastructure doesn’t allow it. Using client SSL keys poses a number of structural issues for us as well.
Instead we would like to use MD5 Username/Password to authenticate to Postgres while having postgres encrypt the data transfer via SSL (forced). Is this possible? If so:
1. are there any issues with doing things this way?
2. we have configured pg_hba.conf with hostssl and md5 clientcert=0 but cannot seem to get the correct connection string combination. Could someone point me in the correct direction.
