SSL is disabled for PostgresSQL

ID

azure_ssl_postgressql

Severity

critical

Vendor

Azure

Resource

Encryption

Tags

reachable

Description

The default value for enforce_ssl property is false. It is that the PostgresSQL connection by default is not by SSL.

This is a security problem because the data transfer is in the plain text.

Learn more about this topic at Azure PostgresSQL.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create container foo and upload a file
      azure_rm_storageblob:
        resource_group: myResourceGroup
        storage_account_name: clh0002
        container: foo
        blob: graylog.png
        src: ./files/graylog.png
        public_access: container
        content_type: 'application/image'

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create container foo and upload a file
      azure_rm_storageblob:
        resource_group: myResourceGroup
        storage_account_name: clh0002
        container: foo
        blob: graylog.png
        src: ./files/graylog.png
        content_type: 'application/image'