From 551cdde67cdff017e042ba06cec16a64fd179174 Mon Sep 17 00:00:00 2001
From: Juancho <jumacabo@microsoft.com>
Date: Fri, 31 Oct 2025 11:59:11 +0100
Subject: [PATCH] Require SSL for connecting to PostgreSQL

---
 .../src/Services/PostgresService.cs                       | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs b/tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs
index 36fa04567..dbb18526f 100644
--- a/tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs
+++ b/tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs
@@ -219,7 +219,13 @@ private sealed class PostgresResource : IAsyncDisposable
 
         public static async Task<PostgresResource> CreateAsync(string connectionString)
         {
-            var dataSource = new NpgsqlSlimDataSourceBuilder(connectionString)
+            // Configure SSL settings for secure connection
+            var connectionBuilder = new NpgsqlConnectionStringBuilder(connectionString)
+            {
+                SslMode = SslMode.VerifyFull // See: https://www.npgsql.org/doc/security.html?tabs=tabid-1#encryption-ssltls
+            };
+
+            var dataSource = new NpgsqlSlimDataSourceBuilder(connectionBuilder.ConnectionString)
                 .EnableTransportSecurity()
                 .Build();
             var connection = await dataSource.OpenConnectionAsync();