Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCH2d-001p4n-0i for pgsql-admin@arkaria.postgresql.org; Mon, 13 Apr 2026 13:09:27 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wCH2b-006wUe-1r for pgsql-admin@arkaria.postgresql.org; Mon, 13 Apr 2026 13:09:26 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wCH2a-006wUJ-27 for pgsql-admin@lists.postgresql.org; Mon, 13 Apr 2026 13:09:26 +0000 Received: from resqmta-a2p-658919.sys.comcast.net ([2001:558:fd01:2bb4::8]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wCH2W-00000000q4i-0rNs for pgsql-admin@lists.postgresql.org; Mon, 13 Apr 2026 13:09:23 +0000 Received: from resomta-a2p-646967.sys.comcast.net ([96.103.145.240]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 256/256 bits) (Client did not present a certificate) by resqmta-a2p-658919.sys.comcast.net with ESMTPS id CFfVwsXLTCD9oCH2Kw34iR; Mon, 13 Apr 2026 13:09:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=20190202a; t=1776085748; bh=Da5wTwsDNutm2elmp4ehBIkqy8UkFVbKt9KxLEeGYOM=; h=Received:Received:Message-ID:Date:MIME-Version:To:From:Subject: Content-Type:Xfinity-Spam-Result; b=vUPO9GJ3sRVf6uiJBGAZYe8Jfc/+o+A6kSsWWBeyBcOfed9NxHZW0IYozYcMvvKs5 gFfkJ6ybHksYCG6Y+XE0BkxKLXNAp/ntwwRKCbpinuv0qfShJHLEK3z4S4EiZdu+hQ GYJTs+V9d/PUkP3+MpABI9XgqR5PydY3WVSFO3vTCS3T7qSRH2jDSJJ7v/CDk7MArG 03Bn1pNWhR5KBitIvoI8ou0ttaJjOmQ1PM5O8fQ2i0O9b3Z93axtXcUI8MbSObbA2o NQFldqk8WCfigHGxBkwN0C+5STbH7/R7DcaTis7mtpqydoybj9f+q4ccfwzZu/BbZI Pw4hMi6k4XkDQ== Received: from [192.168.0.82] ([174.166.2.57]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 256/256 bits) (Client did not present a certificate) by resomta-a2p-646967.sys.comcast.net with ESMTPSA id CH2IwOr0bZWAWCH2JwxiiD; Mon, 13 Apr 2026 13:09:07 +0000 Xfinity-QID: CH2IwOr0bZWAWCH2JwxiiD Message-ID: <31b00cee-fc14-4872-aef1-f6151c7cd1ee@comcast.net> Date: Mon, 13 Apr 2026 09:09:05 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: pgsql-admin@lists.postgresql.org Content-Language: en-US From: AJ Weber Subject: sslmode - detecting local docker Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-CMAE-Envelope: MS4xfOUD7wb4bXmkJn8jFcC4aRI3McASXEka2ZRoUdwi6xrFJFcSifPaVNLZNWSzFeGBqUNEpVZ4+MfFzwNRwRZDaK230W20kZreIg+C56gSr2N6uxfzEQ0T MD8EQJf/nmMFxLAj88jBr3gtm/34N/WH5+JkzjPSqMqpSMsdZUQu1Vy3aqvtdAgFxrOD/AUTnjM3kb+3clFy+cpC4J/akcqMSmY= List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk I'm trying to configure my custom JDBC connection to be as safe as practical. Years gone by, I would simply check if the URL (configured-property) had "localhost" in it, and do nothing. Recently I decided I'd check for localhost AND see if any "ssl" was explicitly already set in the URL.  If not, I tried adding ssl=true as a connection param.  This fails when using a postgresql docker container, because they typically are not configured for SSL, but the hostname is also not "localhost". Besides changing my logic to add "sslmode=prefer" (instead of "true", which may be the default anyway), does anyone have a good way to determine if the JDBC URL is actually a docker container running on the same host? Currently running v16.x, but these modes haven't changed in a long time, so I suppose this question applies across currently supported versions. Thanks in advance, AJ