Building a firewall for MySQL with Greensql

Because you can protect your database against SQL infection, Greensql is known as the "firewall" of the MySQL database.

A large number of attacks on Web sites and Web applications are directly linked to so-called SQL injection vulnerabilities. This is a serious problem for some applications that are not well written. Because it controls the data sent to the Web server, it allows remote users to send arbitrary SQL commands to the database server and also uses SQL commands against legitimate database queries executed by Web applications. Typically, this confrontation occurs without any prior inspection or clean-up. What can be made to remedy this flaw? Greensql is the "firewall" of the MySQL database. What it does is intercept the SQL commands that are being sent to MySQL, check the commands, and then stop asking or releasing them in moderation. The query results are then returned to the invoked application.

Greensql provides a binary package for some Linux distribution kits. If your distribution is not covered by the download page (http://www.greensql.net/download), you can download the Greensql-console and GREENSQL-FW source compilation. Here's how to install the two files after downloading them:

# tar Xvzf greensql-fw-0.9.4.tar.bz2

# CD greensql-fw-0.9.4

#./build.sh

# greensql-create-db.sh

The last command will create a required MySQL database for greensql, so you must make sure that MySQL is running and is set to listen to a port (in other words, make sure "Skip networking" is not set to/ETC/MY.CNF). To start and test the Greensql, use this:

# greensql-fw-p/etc/greensql &

# mysql-u Root-h 127.0.0.1-p 3305-p

The Greensql agent listens to Port 3305. This means that any agent-greensql application needs to be configured to be unable to use the local UNIX jack or to connect to the local host's 3306 port, instead, it should be connected through a 3305 port.

The Greensql-console package provides a web interface that can be used to view locked queries or to set the content and scope to be locked. Unzip the Greensql-console source code to your site tree and adjust the CONFIG.PHG to suit your chosen greensql username, password, and database name.

Also, if you have Greensql installed, you will want to make sure that Greensql can be run on any system. Depending on your Linux version, it's likely to be as simple as copying a copy of the initialization script from the GREENSQL-FW source tree. (for example, Rpm/greensql-fw.redhat.init), perhaps, you want to add it to your local startup script.