Tom Lane wrote: > Pawan Sharma <pawanpg0963@xxxxxxxxx> writes: > > Yes I will show the pgadmin in stat_activity but how can block that.. > > I think I need to create a job to terminate the pgadmin connections and > > schedule it for every 5 min and so that I will check any new connections > > from pgadmin. > > I think onlookers are still completely mystified as to why you consider > this a useful activity. > > pgadmin is nothing but a GUI. Whatever can be done through it can be > done equally well through psql, or any other client software. So if > you're looking for security against unwanted SQL commands, you're going > about it the wrong way (better to look at preventing logins of privileged > accounts, and/or use of SQL permissions to limit what can be done). > If your objective is something else, you haven't explained what that is. > > regards, tom lane You could give normal/application users/roles very limited permissions (i.e. just the ability to execute pre-existing security-defining functions and nothing else), and have a database owner user/role with all the permissions to create those functions. That's my insane setup and I love it. Then use pg_hba.conf to limit which IP addresses the database owner user/role can log in from. You could also uninstall pg_admin. :-) Also, if you are worried about "doing a lot of damage in a minute", always script everything and test it first either in a transaction that will rollback or on a test server before executing it in production. I don't think a GUI is suitable for this. cheers, raf
