Reverse enginerring PostgreSQL database with SSL connection in SchemaSpy

Question

When running SchemaSpy get error:

Connection failed because of the following error: "no pg_hba.conf entry for host "xxx.xxx.xxx.xxx", user "xxxx", database "xxx", SSL off"

The error occurs because the database does require an SSL connection.

Is there a way to turn on the SSL flag for a connection in SchemaSpy, I opened up the jar file but couldn't find anything. I know the PostgreSQL JDBC Driver supports SSL so this should be theoretically possible.

Otherwise if any one knows any opensource/freeware tools for reverse engineering a postgresql database with an SSL connections, that would help a lot.

Thanks.

Answer 1

Per the PgJDBC documentation, use the ssl=true option in your URL's parameters, e.g.

jdbc:postgresql://myhost/mydb?ssl=true

If the host doesn't have a valid certificate or the cert doesn't match its hostname you can disable SSL validation too.

SchemaSpy accepts a JDBC URL for the connection, so this will work fine.

Answer 2

Do it like this:

java -jar schemaSpy_5.0.0 -t pgsql -host your-host-url -db your-database-name -s your-database-schema -u your-username -p your-password -connprops "ssl\=true;sslfactory\=org.postgresql.ssl.NonValidatingFactory" -o path-to-your-output-directory -dp path-to-your-jdbc-driver-jar-file

The trick: adding some additional parameters using the -connprops option: we are setting SSL to true (ssl parameter) and we are asking the client (i.e., the driver) to unconditionally accept the SSL connection (sslfactory parameter).