An introduction to GreenSQL, a database firewall for MySQL and PostgreSQL
GreenSQL is an open source database firewall that protects the database against SQL injection attacks. The GreenSQL project acts as a proxy for SQL commands and has built-in support for MySQL and PostgreSQL. Its logic is based on a risk-scoring matrix for the SQL command used, together with blocking of known database administrative commands (delete, create, and so on). GreenSQL is released under the GPL license.
GreenSQL structure
The GreenSQL project acts as a reverse proxy for MySQL connections. This means that instead of connecting directly to the MySQL server, the application connects to the GreenSQL server. GreenSQL analyzes the client's SQL queries and forwards them to the MySQL server on the back end only if they are safe.
The following figure describes the entire process.
As you can see, GreenSQL calls the real database server to execute the SQL command, while the web application connects to the GreenSQL server as if it were the real database server. (Figure: Transparent to Application)
GreenSQL can be installed on the same server as the database, or on a different server. By default, GreenSQL listens on the local port 127.0.0.1:3305 and redirects SQL requests to 127.0.0.1:3306 (the default MySQL setting). These settings can be changed using the GreenSQL console.
The Greensql database firewall can be used in many ways:
* Simulation mode (database IDS)
* Block suspicious commands (database IPS)
* Learning mode
* Active protection from unknown queries (database firewall)
In simulation mode nothing is blocked. In this case GreenSQL acts as a database IDS (intrusion detection system). In this mode our risk-scoring matrix engine identifies suspicious queries and notifies the database administrator through the GreenSQL management console.
When the system is configured to block suspicious commands, GreenSQL uses its heuristic engine to find "illegal" queries and block them automatically. In this mode GreenSQL is essentially a database IPS (intrusion prevention system). If a query is considered legal, or is found in the whitelist, it is forwarded to the real MySQL server. If it is found to be "illegal", GreenSQL returns an empty result set to the application. In this mode GreenSQL sometimes produces false positives and false negatives: some legal queries may be blocked, or an "illegal" query may get past GreenSQL. These are the trade-offs of any IPS system. GreenSQL constantly improves its heuristic engine, but it is still imperfect.
To overcome the disadvantages of the method above, we recommend using learning mode and then, when the learning period is over, switching to active protection from unknown queries. In learning mode all queries are automatically added to the whitelist. When learning mode is finished, GreenSQL automatically enables active protection. When active protection from unknown queries is enabled, all unknown commands are blocked. This is the database firewall mode: when an unknown SQL command is detected, it is automatically blocked. In addition, GreenSQL calculates the risk of that command using its heuristic method and displays the result in the GreenSQL management console. This is the fastest mode, because GreenSQL only calculates the risk of new queries, which do not occur frequently.
How does GreenSQL find an "illegal" query?
GreenSQL uses the following methods to find suspicious queries:
* By identifying sensitive SQL commands
* By calculating the risk of the query
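As an added illustration of the four modes described above and of the two detection methods just listed (sensitive commands and query risk), the following Python model, which is not GreenSQL's own code, reproduces the proxy's forward-or-block decision. The risk rules, the threshold and the literal-stripping normalization of whitelist entries are assumptions made for the example, not GreenSQL's real scoring matrix.

```python
import re

# Modes from the text: "simulation" (database IDS, report only), "block"
# (database IPS, block on risk score), "learning" (whitelist everything seen)
# and "active" (database firewall, block any query not in the whitelist).
# Constructed risk matrix (an assumption that illustrates the approach, not
# GreenSQL's real scoring table): regex, weight, reason.
RISK_RULES = [
    (r"\b(drop|create|alter|truncate)\b", 30, "administrative command"),
    (r"\bor\b\s+(\S+)\s*=\s*\1", 15, "tautology after OR"),
    (r"(--|/\*|#)", 10, "SQL comment"),
    (r"\bunion\b", 20, "UNION"),
]
RISK_THRESHOLD = 25   # assumed cut-off from which a query counts as "illegal"

def normalize(query):
    # Replace literals so the whitelist matches the statement shape (assumed).
    q = re.sub(r"'[^']*'", "?", query.lower())
    q = re.sub(r"\b\d+\b", "?", q)
    return re.sub(r"\s+", " ", q).strip()

def risk_score(query):
    # Sum the weights of every rule the raw query triggers.
    score, reasons = 0, []
    for regex, weight, reason in RISK_RULES:
        if re.search(regex, query.lower()):
            score, reasons = score + weight, reasons + [reason]
    return score, reasons

class Proxy:
    def __init__(self, mode, whitelist=None):
        self.mode = mode
        self.whitelist = set(whitelist or [])
        self.alerts = []   # what the management console would display

    def handle(self, query):
        # 'forward' = pass to the real server; 'block' = empty result set back.
        pattern = normalize(query)
        score, reasons = risk_score(query)
        if self.mode == "learning":      # run only on trusted traffic
            self.whitelist.add(pattern)
            return "forward"
        if pattern in self.whitelist:    # known queries are always passed
            return "forward"
        suspicious = score >= RISK_THRESHOLD
        if suspicious or self.mode == "active":
            self.alerts.append((pattern, score, reasons))
        if self.mode == "simulation":    # IDS: report only
            return "forward"
        return "block" if suspicious or self.mode == "active" else "forward"
```

Run learning mode first, then hand its whitelist to an "active" proxy: the learned statement shape is forwarded, while anything unseen, injected or not, is blocked.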