Saturday, October 31, 2020
dbametrix

    DataBase Firewall

    This article explains how to deploy a database firewall to prevent SQL injection attacks.

    Database Firewall: a GreenSQL example

    Database firewalls are one defence against SQL injection attacks. This article offers a brief introduction to GreenSQL, an open-source database firewall.

    Hacker attacks are now commonplace, and a SQL injection can damage an application severely, even compromising it entirely.


    Often the damage caused by an attack does not appear immediately but only after a few days, which makes recovery from backups very complex, since the backups taken in the meantime already contain the damage.

    It is true that the best solution is to write applications that are immune to this type of attack, but how can someone who hosts third-party sites, or more generally a provider, defend against all this?

    There are solutions designed precisely to address this problem: systems that act as reverse proxies between the web server and the DB server, with the task of protecting the data.

    In this article we present GreenSQL, an open-source database firewall.

    GreenSQL is compatible with MySQL and PostgreSQL.


    Since it implements reverse-proxy logic, it must be configured between the web server and the DB server. In other words, the web application is no longer configured to connect to the DB directly; it connects to the database firewall, which analyzes each query and forwards it to the DB server only after establishing that it is safe.

    The following figure shows the process implemented by GreenSQL.

    GreenSQL contacts the DB server to execute the SQL commands, while the application communicates directly with the database firewall only.

    GreenSQL can be used in four ways:

    • Simulation mode (database IDS) =>
      In this mode nothing is blocked; the firewall acts as an IDS, reporting suspicious queries on the console.
    • Blocking suspicious commands (database IPS) =>
      In this configuration GreenSQL uses its own heuristic engine to find illegal queries and block them automatically, implementing a basic IPS.
    • Learning mode =>
      GreenSQL is trained by recording all SQL queries in a whitelist; at the end of the training the system switches automatically to protection mode.
    • Active protection from unknown queries =>
      This is the DB firewall mode: unknown queries are not executed. For each unknown query the firewall only calculates the risk and reports it to the administrator.
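    To make the four modes concrete, here is an added example in Python (not GreenSQL's own code) of a toy database-firewall model: queries are normalised into templates, learning mode records them in a whitelist, protection mode blocks anything unknown, and simulation/IPS mode applies a constructed heuristic risk score whose rules and weights are assumptions, not GreenSQL's engine.

```python
import re

# Collapse literals to "?" so queries that differ only in their values share
# one whitelist template (the basis of the learning mode described above).
def normalize(sql: str) -> str:
    q = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals
    q = re.sub(r"\b\d+(?:\.\d+)?\b", "?", q)      # numeric literals
    return re.sub(r"\s+", " ", q).strip().lower()

# Constructed stand-in for a heuristic engine: (pattern on the template, weight, reason).
RISK_RULES = [
    (r"\bor\s+\?\s*=\s*\?", 3, "tautology comparison"),
    (r"--|/\*|#", 2, "comment token"),
    (r"\bunion\b.*\bselect\b", 3, "union select"),
    (r";\s*\w", 2, "stacked statement"),
]

def risk_score(sql: str):
    """Return (score, reasons) for a query; 0 means no heuristic fired."""
    tmpl = normalize(sql)
    hits = [(w, why) for pat, w, why in RISK_RULES if re.search(pat, tmpl)]
    return sum(w for w, _ in hits), [why for _, why in hits]

class DbFirewall:
    """Models the four modes: simulation, ips, learning, protect."""
    def __init__(self, mode: str, threshold: int = 3):
        self.mode = mode
        self.threshold = threshold
        self.whitelist = set()   # templates learned during training
        self.alerts = []         # what the console would show the administrator

    def check(self, sql: str) -> str:
        """Return 'forward' if the query would reach the DB server, else 'block'."""
        tmpl = normalize(sql)
        score, reasons = risk_score(sql)
        if self.mode == "learning":
            self.whitelist.add(tmpl)          # everything seen in training is trusted
            return "forward"
        if self.mode == "protect":
            if tmpl in self.whitelist:
                return "forward"
            self.alerts.append(f"unknown query, risk {score}: {tmpl}")
            return "block"                    # unknown queries are never executed
        if score >= self.threshold:
            self.alerts.append(f"suspicious query, risk {score} ({', '.join(reasons)}): {tmpl}")
            return "block" if self.mode == "ips" else "forward"   # simulation only reports
        return "forward"
```

    Run a short training session in learning mode, switch the instance to protect mode, and the same parameterised query passes while any shape not seen during training is blocked and reported.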

    GreenSQL Distribution:

    GreenSQL is distributed in three versions:

    Community
    Pro
    Light

    The matrix of features is available on the DOWNLOAD page of the official website.

    Performance:

    One last point concerns performance: the first reaction of anyone who has never used it is to see an intermediate node between application and DB as a penalty for performance.

    However, GreenSQL's caching mechanisms make it possible to guarantee good performance in any case, and avoid loading the DB server with the same repeated queries.

    We are not advocating GreenSQL for the above reasons; this is just a knowledge example. Dbametrix provides only remote database administration support for Oracle and SQL database servers, including cloud servers, for instance DBaaS DBA support. Stay connected with our Expert DBA team club blog for more knowledge articles on databases from this blog or from here.
