Tom Lane wrote:
> Pawan Sharma <pawanpg0963@gmail.com> writes:
> > Yes I will show the pgadmin in stat_activity but how can block that..
> > I think I need to create a job to terminate the pgadmin connections and
> > schedule it for every 5 min and so that I will check any new connections
> > from pgadmin.
>
> I think onlookers are still completely mystified as to why you consider
> this a useful activity.
>
> pgadmin is nothing but a GUI. Whatever can be done through it can be
> done equally well through psql, or any other client software. So if
> you're looking for security against unwanted SQL commands, you're going
> about it the wrong way (better to look at preventing logins of privileged
> accounts, and/or use of SQL permissions to limit what can be done).
> If your objective is something else, you haven't explained what that is.
>
> regards, tom lane
You could give normal/application users/roles very
limited permissions (i.e. just the ability to execute
pre-existing security-defining functions and nothing
else), and have a database owner user/role with all the
permissions to create those functions. That's my insane
setup and I love it. Then use pg_hba.conf to limit
which IP addresses the database owner user/role can log
in from. You could also uninstall pg_admin. :-)
Also, if you are worried about "doing a lot of damage
in a minute", always script everything and test it
first either in a transaction that will rollback or on
a test server before executing it in production. I
don't think a GUI is suitable for this.
cheers,
raf
