GreenSQL – Open Source Database Firewall
What is GreenSQL?
GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.
How it works?
The GreenSQL database firewall provides database protection using a number of methods:
- Blocking administrative and sensitive SQL commands.
- Calculating risk of each query and blocking queries with high risk.
1) Blocking specific SQL commands
GreenSQL uses a pattern matching engine to find commands that are considered “illegal“. For example GreenSQL blocks database administrative commands. The GreenSQL administrator can decide which commands to block using the GreenSQL web management console. The administrator can also approve a blocked query by adding them to a whitelist.
Risk Calculation
For each query GreenSQL calculates its risk. After the risk is calculated GreenSQL can block the query or just create a warning message. There are a number of factors that are taken into account when calculating risk. For example:
* Access to sensitive tables increases risk query (users, accounts, credit information)
* Comments inside SQL commands increases query risk
* Usage of an empty password string
* Found ‘or’ token inside query
* Found SQL expression that always return true
* Comparison of constant values
How commands are blocked?
When GreenSQL determines that a query should be blocked it will generate an empty result set to send back to the front end so that the application can continue gracefully.
How Whitelist works?
Each time GreenSQL considers a SQL query as a security risk – it is blocked. You can alter this behavior for a specific query by explicitly allowing its pattern.
What is a GreenSQL Listener?
A GreenSQL Listener object is the heart of the GreenSQL Databae Firewall. A Listener is a proxy object used to connect queries from the frontend to a specific backend server. Before passing the query to the backend it is checked by the Listener to determine if it is malicious and if so how it should be handled (block, alert, pass).
Thank you,
Arun Bagul