hello, I want to establish basic security for my pgsql database, which is on a commercial web server. In particular, I don't want people to be able to login from the internet as my superuser.
If I ALTER USER my_superuser NOLOGIN, will that be sufficient? I've passworded that user, but I seem to be able to get access myself without providing the password.