Database Firewall: a GreenSQL example
Database firewalls exist to defend against SQL injection attacks. This article offers a brief introduction to GreenSQL, an open source database firewall.
Hacker attacks are now commonplace, and a SQL injection can damage an application, even to the point of compromising it.
Often the damage caused by an attack does not appear immediately but only after a few days, which makes backup procedures very complex.
It is true that the best solution is to write applications that are immune to this type of attack, but how can those who host third-party sites, or providers more generally, defend themselves against all this?
There are solutions designed precisely to contain this problem: systems that act as reverse proxies between the web server and the DB server and have the task of defending the data.
In this article we present GreenSQL, an open source database firewall.
GreenSQL is compatible with MySQL and PostgreSQL.
Because it implements reverse proxy logic, it must be placed between the web server and the DB server. In other words, the web application is not configured to connect to the DB directly; it connects to the database firewall, which forwards the query to the DB server only after analyzing it and establishing that it is secure.
The following figure shows the process implemented by GreenSQL.
GreenSQL contacts the DB server to execute the SQL commands, while the application communicates directly with the database firewall.
GreenSQL can be used in four ways:
- Simulation Mode (IDS database) =>
  In this mode nothing is blocked; the firewall acts as an IDS, reporting suspicious queries on the console.
- Blocking Suspicious Commands (IPS database) =>
  In this configuration GreenSQL uses its own heuristic engine to find illegal queries and block them automatically, implementing a basic IPS.
- Learning mode =>
  This mode consists of training GreenSQL to record all SQL queries in a whitelist; at the end of the training the system switches to a protection mode on its own.
- Active protection from unknown queries =>
  This is the DB firewall mode: unknown queries are not executed. For unknown queries the firewall only calculates the risk and reports it to the administrator.
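To make the relationship between learning mode and active protection concrete, here is a simplified Python model, added for this article and not GreenSQL's own code. It assumes the whitelist stores query patterns with literal values replaced by `?`; the names `fingerprint` and `QueryFirewall` are hypothetical, the sample queries are constructed, and the heuristic IPS mode is not modeled.

```python
import re

def fingerprint(query: str) -> str:
    """Reduce a query to its structure so that only the pattern is compared."""
    q = re.sub(r"'(?:[^'\\]|\\.|'')*'", "?", query)  # quoted string literals
    q = re.sub(r"\b\d+(?:\.\d+)?\b", "?", q)         # numeric literals
    q = re.sub(r"\s+", " ", q).strip().rstrip(";").strip()
    return q.lower()

class QueryFirewall:
    """Toy proxy decision logic (assumed model, not the real engine)."""
    MODES = ("simulation", "learning", "protection")

    def __init__(self, mode: str = "learning"):
        if mode not in self.MODES:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.whitelist = set()   # patterns seen during training
        self.alerts = []         # unknown patterns reported to the administrator

    def check(self, query: str) -> bool:
        """Return True if the query would be forwarded to the DB server."""
        pattern = fingerprint(query)
        if self.mode == "learning":
            self.whitelist.add(pattern)   # training: record and forward
            return True
        if pattern in self.whitelist:
            return True
        self.alerts.append(pattern)       # unknown query: always reported
        return self.mode == "simulation"  # IDS forwards it, protection blocks it

if __name__ == "__main__":
    fw = QueryFirewall("learning")
    fw.check("SELECT name FROM users WHERE id = 42")       # constructed training query
    fw.mode = "protection"                                 # end of training
    for q in ("select name from users where id = 7;",      # same pattern, new value
              "SELECT name FROM users WHERE id = 7 OR 1=1"):  # structure changed
        print("FORWARD" if fw.check(q) else "BLOCK", "|", q)
    print("alerts:", fw.alerts)
```

A query whose values differ from the training query still matches its pattern, while input that alters the query structure produces a pattern that was never learned, which is why the quality of the training traffic determines both false positives and coverage.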
GreenSQL Distribution:
GreenSQL is distributed in three versions:
- Community
- Pro
- Light
The matrix of features is available on the DOWNLOAD page of the official website.
Performance:
One last reflection concerns performance. The first reaction of those who have never used it is to see an intermediate node between the application and the DB, which would seem to penalize performance.
However, GreenSQL's caching mechanisms make it possible to guarantee good performance in any case, and to avoid weighing down the DB server with the same queries.
We are not advocating GreenSQL due to the above reasons, but this is just for a knowledge example.