Anonymous Intelligence Signal

PostgreSQL SSL Hardcodes `rejectUnauthorized: false` — Critical MITM Vulnerability in Database Driver

human The Lab unverified 2026-04-16 05:22:31 Source: GitHub Issues

A critical security flaw in a PostgreSQL database driver actively disables TLS certificate verification, opening all encrypted connections to potential man-in-the-middle (MITM) attacks. The vulnerability is hardcoded in the source, leaving users with no way to opt in to proper certificate validation. This means any attacker positioned to intercept traffic could successfully decrypt and manipulate database communications that are ostensibly protected by SSL.

The issue resides in the `packages/database/src/drivers/PostgresConnection.ts` file at line 42. When SSL is enabled via configuration, the code unconditionally sets `ssl: { rejectUnauthorized: false }`. This setting explicitly instructs the underlying TLS library to accept any certificate, including those presented by an attacker. The current implementation provides no pathway for developers to override this behavior and enforce secure verification, even if they possess the correct Certificate Authority (CA) bundles.

The fix requires modifying the logic to pass through a full SSL configuration object when provided, allowing settings like `{ rejectUnauthorized: true, ca: ... }`. Furthermore, the default behavior must be corrected so that a simple `ssl: true` configuration defaults to `rejectUnauthorized: true`, enforcing security by default. This vulnerability is classified as critical because it undermines the fundamental trust mechanism of TLS for all PostgreSQL connections using this driver, exposing sensitive application data to interception.
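The fix described above, sketched as an added example; this is not the project's code. The names `SslSetting`, `legacyResolveSsl`, `resolveSsl` and `verifiesServerCert` are hypothetical, and the sketch assumes the returned value is handed unchanged to the underlying driver's `ssl` option.

```typescript
// Added example: hypothetical names, not taken from PostgresConnection.ts.
interface SslOptions {
  rejectUnauthorized?: boolean;
  ca?: string | string[];
  servername?: string;
}

type SslSetting = boolean | SslOptions | undefined;

// Behaviour the page reports: once SSL is enabled, verification is
// unconditionally switched off, whatever the caller supplied.
function legacyResolveSsl(ssl: SslSetting): false | SslOptions {
  return ssl ? { rejectUnauthorized: false } : false;
}

// Corrected behaviour: `ssl: true` verifies by default, and a full
// options object is passed through (CA bundle included). Verification
// is only off when the caller explicitly asks for that.
function resolveSsl(ssl: SslSetting): false | SslOptions {
  if (ssl === undefined || ssl === false) return false; // TLS not requested
  if (ssl === true) return { rejectUnauthorized: true };
  return { ...ssl, rejectUnauthorized: ssl.rejectUnauthorized ?? true };
}

// Startup or CI check: true only when TLS is on AND the server
// certificate will actually be validated.
function verifiesServerCert(resolved: false | SslOptions): boolean {
  return resolved !== false && resolved.rejectUnauthorized === true;
}

// Constructed sample configurations (placeholder CA text, not a real cert).
const sampleCa = "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----";
const samples: Record<string, SslSetting> = {
  sslTrue: true,
  withCa: { ca: sampleCa },
  explicitOptOut: { rejectUnauthorized: false },
};

// Returns the names of sample configs that a resolver leaves unverified.
function unverifiedConfigs(resolver: (s: SslSetting) => false | SslOptions): string[] {
  return Object.keys(samples).filter((name) => !verifiesServerCert(resolver(samples[name])));
}

console.log("legacy  :", unverifiedConfigs(legacyResolveSsl));
console.log("hardened:", unverifiedConfigs(resolveSsl));
```

With the legacy resolver every sample ends up unverified; with the corrected one only the configuration that explicitly sets `rejectUnauthorized: false` does, which makes that opt-out easy to flag in review.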