change default sslmode for postgres to verify-full (#9736)

a503c1d3 · Sven Klemm · Daniel Lee · 948a5259 · a503c1d3 · a503c1d3
Commit a503c1d3 authored Oct 31, 2017 by Sven Klemm Committed by Daniel Lee Oct 31, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

docs/sources/installation/configuration.md
+2 -2

pkg/tsdb/postgres/postgres.go
+1 -1

No files found.
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -551,7 +551,7 @@ session provider you have configured.

 - **file:** session file path, e.g. `data/sessions`
 - **mysql:** go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
- **postgres:** ex:  user=a password=b host=localhost port=5432 dbname=c sslmode=require
+- **postgres:** ex:  user=a password=b host=localhost port=5432 dbname=c sslmode=verify-full
 - **memcache:** ex:  127.0.0.1:11211
 - **redis:** ex: `addr=127.0.0.1:6379,pool_size=100,prefix=grafana`

@@ -580,7 +580,7 @@ CREATE TABLE session (
 );
 ```

-Postgres valid `sslmode` are `disable`, `require` (default), `verify-ca`, and `verify-full`.
+Postgres valid `sslmode` are `disable`, `require`, `verify-ca`, and `verify-full` (default).

 ### cookie_name


--- a/pkg/tsdb/postgres/postgres.go
+++ b/pkg/tsdb/postgres/postgres.go
@@ -51,7 +51,7 @@ func generateConnectionString(datasource *models.DataSource) string {
 		}
 	}

-	sslmode := datasource.JsonData.Get("sslmode").MustString("require")
+	sslmode := datasource.JsonData.Get("sslmode").MustString("verify-full")
 	return fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=%s", datasource.User, password, datasource.Url, datasource.Database, sslmode)
 }