SQL injection is common on the web; in practice a lot of content management systems have been affected by this weakness. Until recently there was no software that checked SQL queries for suspicious activity before they reached the database. An open source project called GreenSQL now offers a firewall for MySQL queries: a database firewall that protects databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built-in support for MySQL. Its logic is based on evaluating SQL commands with a risk scoring matrix and on blocking known database administrative commands (DROP, CREATE, etc.). GreenSQL is distributed under the GPL license.
How does it work?
GreenSQL acts as a reverse proxy for MySQL connections: instead of connecting to the MySQL server, your applications connect to the GreenSQL server. GreenSQL analyzes the SQL queries and forwards them to the back-end MySQL server. Perhaps this diagram will help you understand the concept:
GreenSQL calls the real database server to execute the SQL commands, and the web application connects to GreenSQL as if it were the real database server. GreenSQL can be installed on the same machine as the database server or on a separate one. By default GreenSQL listens on 127.0.0.1:3305 and redirects SQL requests to 127.0.0.1:3306 (the default MySQL settings). These settings can be changed via the GreenSQL Console. Keep in mind that the proxy only inspects traffic that actually passes through it: if the application can still reach MySQL directly on port 3306, the firewall is bypassed, so the back-end port should be reachable only by GreenSQL.
Possible ways to use it:
- Simulation mode (database IDS)
- Blocking suspicious commands (database IPS)
- Learning mode
- Active protection from unknown queries (database firewall)
What does it do?
GreenSQL uses a pattern matching engine to find commands that are considered "illegal"; this is basically a signature-based subsystem. For example, the following are considered "illegal": database administrative commands, commands that try to change the database structure, and commands used to access system files. The administrator can approve an "illegal" query by adding it to the whitelist, or change what counts as "illegal" by editing the configuration file that lists the "illegal" patterns.
For each query GreenSQL also calculates a risk score; this is basically an anomaly detection subsystem. Once the risk is calculated, GreenSQL either blocks the query or just raises a warning, depending on the application mode. A number of heuristics go into the risk calculation.
How are commands blocked?
When GreenSQL determines that a query should be blocked, it generates an empty result set and sends it back to the application, so the application can continue gracefully. The application therefore sees no error, only zero rows, so blocked attacks are invisible to application code unless you also watch GreenSQL's own logs.
How does the whitelist work?
Each time GreenSQL considers a SQL query a security risk, it is blocked. You can alter this behavior for a specific query by explicitly adding it to the whitelist. New: during learning mode all new queries are automatically added to the whitelist, so run learning mode only against traffic you trust (for example, a test run of the application's normal pages), and switch it off before exposing the application.
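To make the two subsystems, the operating modes and the whitelist concrete, here is a toy database firewall written for this article. It is an added example and not GreenSQL's own code: the "illegal" patterns, the risk heuristics and their weights, the threshold of 30, the normalization of literals to `?` for whitelist matching, and the in-memory SQLite stand-in for the back-end MySQL server are all assumptions made for the example. The sample queries are constructed: one normal lookup and the same lookup after a classic `' OR 1=1 --` injection.

```python
"""Toy database firewall modelled on the GreenSQL description above: a
signature list of "illegal" commands, a risk score built from heuristics,
a whitelist, and the four operating modes.  Illustrative code only, not
GreenSQL's own; every pattern, weight and threshold here is an assumption."""
import re
import sqlite3
from dataclasses import dataclass, field
from typing import Callable, List, Set

# Signature subsystem (assumed patterns): administrative commands, schema
# changes, and commands that reach the file system.
ILLEGAL_PATTERNS = {
    "admin_command": re.compile(r"^\s*(?:GRANT|REVOKE|SHUTDOWN|KILL)\b", re.I),
    "schema_change": re.compile(r"^\s*(?:DROP|CREATE|ALTER|TRUNCATE)\b", re.I),
    "file_access": re.compile(
        r"\b(?:LOAD_FILE\s*\(|INTO\s+(?:OUT|DUMP)FILE\b|LOAD\s+DATA\b)", re.I),
}

# Anomaly subsystem (assumed heuristics and weights): each match adds to the
# query's risk; at or above RISK_THRESHOLD the query counts as suspicious.
RISK_HEURISTICS = [
    ("tautology", re.compile(r"\b(?:OR|AND)\s+('?\w+'?)\s*=\s*\1(?!\w)", re.I), 30),
    ("inline comment", re.compile(r"--|#|/\*"), 20),
    ("union select", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I), 30),
    ("stacked statement", re.compile(r";\s*\S"), 20),
    ("system table", re.compile(r"\binformation_schema\b|\bmysql\.user\b", re.I), 20),
]
RISK_THRESHOLD = 30
MODES = ("simulation", "blocking", "learning", "firewall")


def normalize(sql: str) -> str:
    """Whitelist key: literals replaced by '?', whitespace collapsed, lowercased,
    so one entry covers the same statement with different parameter values."""
    s = re.sub(r"'(?:[^'\\]|\\.)*'", "?", sql)   # string literals
    s = re.sub(r"\b\d+\b", "?", s)               # numeric literals
    return " ".join(s.split()).lower()


@dataclass
class Verdict:
    action: str                 # "allow", "warn" (simulation only) or "block"
    risk: int
    reasons: List[str] = field(default_factory=list)


class SqlFirewall:
    def __init__(self, mode: str = "blocking", threshold: int = RISK_THRESHOLD):
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.threshold = threshold
        self.whitelist: Set[str] = set()

    def approve(self, sql: str) -> None:
        """Administrator explicitly whitelists a query (e.g. a legitimate DROP)."""
        self.whitelist.add(normalize(sql))

    def analyze(self, sql: str):
        reasons, risk = [], 0
        for name, pat in ILLEGAL_PATTERNS.items():
            if pat.search(sql):
                reasons.append("illegal:" + name)
        for name, pat, weight in RISK_HEURISTICS:
            if pat.search(sql):
                reasons.append(name)
                risk += weight
        return risk, reasons

    def handle(self, sql: str) -> Verdict:
        key = normalize(sql)
        risk, reasons = self.analyze(sql)
        if self.mode == "learning":          # learn everything, block nothing
            self.whitelist.add(key)
            return Verdict("allow", risk, reasons)
        if key in self.whitelist:            # explicit approval overrides both subsystems
            return Verdict("allow", risk, reasons)
        if self.mode == "firewall":          # unknown queries are rejected outright
            return Verdict("block", risk, reasons + ["not in whitelist"])
        suspicious = any(r.startswith("illegal:") for r in reasons) or risk >= self.threshold
        if not suspicious:
            return Verdict("allow", risk, reasons)
        return Verdict("warn" if self.mode == "simulation" else "block", risk, reasons)

    def execute(self, sql: str, backend: Callable[[str], list]):
        """Proxy step: forward the query, or hand the client an empty result set."""
        verdict = self.handle(sql)
        rows = [] if verdict.action == "block" else backend(sql)
        return rows, verdict


def make_backend() -> Callable[[str], list]:
    """Stand-in for the back-end MySQL server: in-memory SQLite with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return lambda q: con.execute(q).fetchall()


# Constructed sample traffic: a normal lookup and the same lookup after a
# classic ' OR 1=1 -- injection into the name parameter.
Q_OK = "SELECT id, name FROM users WHERE name = 'alice'"
Q_INJ = "SELECT id, name FROM users WHERE name = '' OR 1=1 -- '"

if __name__ == "__main__":
    for mode in ("simulation", "blocking"):
        fw, backend = SqlFirewall(mode), make_backend()   # fresh table per mode
        for q in (Q_OK, Q_INJ, "DROP TABLE users"):
            rows, v = fw.execute(q, backend)
            print(f"{mode:10} {v.action:5} risk={v.risk:<3} rows={len(rows)} {v.reasons}")
```

Running it shows the difference between the modes: in simulation mode the injected query only earns a warning and the back end returns every row, while in blocking mode the client gets an empty result set. The same code walks through the whitelist flow: a query learned in learning mode still passes in firewall mode when only its literal values change, because the whitelist key is the normalized statement shape, while the injected variant has a different shape and is rejected as unknown.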
This product is open source, and I really hope that in the not-so-distant future web hosting companies will implement it. Here is the download. Go ahead and test it out.