Severity: high | CWE-295 | OWASP A02:2021

Missing Database SSL Certificate Validation

Your database SSL connection uses rejectUnauthorized: false, which encrypts traffic but doesn't verify the server's identity, leaving you open to man-in-the-middle attacks.

How It Works

SSL without certificate validation is like locking your door but not checking who's on the other side. Your data is encrypted in transit, but an attacker who intercepts the connection (e.g., via ARP spoofing on cloud internal networks) can present any certificate and your client will accept it. You're now sending your database credentials and queries to the attacker's machine.

Vulnerable Code

const { Pool } = require('pg');

// BAD: SSL enabled but certificate validation disabled
const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  ssl: {
    rejectUnauthorized: false // disables cert validation — MITM risk
  }
});

Secure Code

const { Pool } = require('pg');

// GOOD: enable SSL with proper certificate validation
const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  ssl: {
    rejectUnauthorized: true, // verify the server cert (this is the TLS default)
    ca: process.env.DB_CA_CERT // pin your DB provider's CA cert (PEM text) for extra security
  }
});

Real-World Example

rejectUnauthorized: false is one of the most common 'fix' suggestions on Stack Overflow for SSL errors with self-signed certificates — and one of the most dangerous. Many production apps have this configuration from a hasty developer copy-paste, leaving their database communication vulnerable to interception.

How to Prevent It

  • Always keep rejectUnauthorized: true (the default) — never set it to false in production
  • If you're getting SSL errors with a self-signed cert, fix the cert issue rather than disabling validation
  • For managed databases, download the CA certificate from your provider and pin it with the ca option
  • Use the NODE_EXTRA_CA_CERTS environment variable to add custom CA certs without disabling validation
  • Audit for rejectUnauthorized: false in your codebase — it's a common 'temporary fix' that goes permanent

Affected Technologies

Node.js, Python

Data Hogo detects this vulnerability automatically.
