I’ve set up my Django settings.py in such a way that I can access the Postgres instance in the cloud containing my production data from my local development environment by running this command in my local venv shell, in this format:
It’s a very helpful feature. I love it.
As an example, here is a Postgres instance which contains placeholder content:
You would think that posting the above URI on a public forum like this one is a terrible security practice; however, Heroku gives admins a tool to generate a new Postgres username/password combo. Here is the command:
(venv) $ heroku pg:credentials:rotate
Before starting this thread, I invoked it. So the hostname, port, and name remain the same, but the new Postgres user/password is completely different.
If an attacker discovered my Postgres username and tried to brute force a password that is 64 characters long with a charset size of 36, this has 250 bits of entropy, making it impossible to crack with current silicon.
Here is my question for all of you now: since the username/pass is now different, for confirmation and verification, my site is still secure and my data is protected. Is this correct?
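Since the post turns on which parts of a Postgres URI are secret (the user and password, which rotation replaces) and which are not (the hostname, port and database name, which stay the same), here is an added example, not part of the original post, that masks the credential part of any Postgres URI found in text before it is shared. The function names and the sample URI are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches postgres:// or postgresql:// URIs embedded in free text.
PG_URI = re.compile(r"postgres(?:ql)?://[^\s'\"<>]+")


def redact_pg_uri(uri):
    """Mask username and password; keep host, port and database name."""
    parts = urlsplit(uri)
    if parts.username is None and parts.password is None:
        return uri  # no credentials in the authority part, nothing to mask
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal needs its brackets back
        host = "[" + host + "]"
    netloc = "REDACTED:REDACTED@" + host
    if parts.port is not None:
        netloc += ":" + str(parts.port)
    return urlunsplit(
        (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
    )


def redact_text(text):
    """Redact every credential-bearing Postgres URI; return (text, count)."""
    count = 0

    def _sub(match):
        nonlocal count
        clean = redact_pg_uri(match.group(0))
        if clean != match.group(0):
            count += 1
        return clean

    return PG_URI.sub(_sub, text), count


# Constructed sample: a draft forum post containing a made-up URI.
SAMPLE = (
    "My instance is "
    "postgres://exampleuser:examplepass@db.example.invalid:5432/exampledb "
    "and it holds placeholder content."
)

if __name__ == "__main__":
    cleaned, n = redact_text(SAMPLE)
    print(cleaned)
    print(n, "credential-bearing URI(s) redacted")
```

Only the authority part is masked; a password passed as a query parameter would need separate handling.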