Re: Restrict connection from pgadmin. - Mailing list pgsql-general

From David G. Johnston
Subject Re: Restrict connection from pgadmin.
Date
Msg-id CAKFQuwbAJg+Q4BUn+U2wfyG4ne8AurzTfJcAP78UwF73FBQfEQ@mail.gmail.com
Whole thread Raw
In response to Restrict connection from pgadmin.  (Pawan Sharma <pawanpg0963@gmail.com>)
List pgsql-general
On Sun, Feb 2, 2020 at 11:48 PM Pawan Sharma <pawanpg0963@gmail.com> wrote:
Hi All, 

Is there any way to restrict the connection only from pgadmin???  The same user can connect through application but can't from pgadmin.. Or any logon triggers..???

Why just pgAdmin?  Why not psql?  How do you expect to know the difference? Its all the same protocol going back-and-forth no matter what kind of user interface you provide to the user.

You can make it difficult for the user to gain direct access from their machine while allowing a local application to do so, but I'm doubtful it can be made hacker-proof.  Specifically the user can be assumed to be allowed to attempt a connection but if they lack valid credentials they will be unable to get in.  If you need connection-level security you want to host the application on a separate machine that does have access to PostgreSQL and only provide user interface access to the application to the user.  As they are never truly on the machine that has access to the database they will be unable to establish their own connection.

You can log and monitor logon attempts but there is no server level triggers.  Again, the client sends along all of the validation information and so can make up values for any parameters you might wish to check so that they look like, i.e., your application as far as the authentication code is concerned.

David J.

pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: Restrict connection from pgadmin.
Next
From: Ravi Krishna
Date:
Subject: Re: Restrict connection from pgadmin.