>> My application implements field and row level security.
>> I have custom table of users where user privileges are described.
>>
>> However user can login directly to database using pgAdmin. This bypasses
>> the security.
>>
>> How to allow users to login only from my application ?
>> I think I must create server-side pgsql procedure for login validation.
>
> What role are your users using to login via PgAdmin?
Users should always login form my application only.
pgAdmin login is reserved only for sysadmins who login as user postgres
always.
> Why not simply deny them access in pg_hba.conf?
I have 5432 port opened to public internet and users use my application from
internet.
pg_hba doesn't allow access per application basics.
Denying acces from pg_hba.conf also denies access from my application.
Andrus.