GreenSQL is a firewall meant to protect you from SQL injection. It works on a reverse-proxy principle: your application/webserver connects to the GreenSQL proxy, which verifies each query and then fetches the data from the database.
GreenSQL can run in one of four modes:
- database IDS (intrusion detection system)
- database IPS (intrusion prevention system)
- Learning mode
- database firewall
The IDS mode uses a risk matrix engine that scores incoming queries and blocks the suspicious ones. The IPS mode uses a heuristics engine to find suspicious queries. If a query is considered illegal, it is checked against a whitelist. An illegal query results in an empty result set.
GreenSQL uses a pattern matching engine to analyse the SQL queries. The following kinds of queries are automatically considered illegal:
- database administrative commands
- commands that change a database structure
- commands that access the file system
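The decision flow described above (match the query against the illegal categories, then consult the whitelist, and return an empty result set for anything still illegal), modelled as an added Python example. This is not GreenSQL's code; the patterns, the whitelist entry and the stubbed backend are constructed for illustration only.

```python
import re

# Constructed approximations of the three categories the post lists as
# automatically illegal. GreenSQL's real rule set is not reproduced here.
ILLEGAL_PATTERNS = {
    "admin": re.compile(r"\b(GRANT|REVOKE|CREATE\s+USER|DROP\s+USER|SHUTDOWN)\b", re.I),
    "structure": re.compile(
        r"\b(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE|INDEX|VIEW|SCHEMA)\b", re.I),
    "filesystem": re.compile(r"\b(LOAD_FILE|LOAD\s+DATA|INTO\s+(OUTFILE|DUMPFILE))\b", re.I),
}

# Constructed whitelist: a structural change the DBA has explicitly approved.
WHITELIST = {"ALTER TABLE sessions ADD COLUMN last_seen TIMESTAMP"}


def normalize(query):
    """Collapse whitespace and case so whitelist comparison is not trivially evaded."""
    return re.sub(r"\s+", " ", query).strip().upper()


def classify(query):
    """Return the name of the first illegal category the query matches, else None."""
    for name, pattern in ILLEGAL_PATTERNS.items():
        if pattern.search(query):
            return name
    return None


def proxy_decision(query, whitelist=WHITELIST):
    """Return ("forward", category) or ("block", category).

    A query matching an illegal category is still forwarded when it is on the
    whitelist; otherwise it is blocked and the client sees an empty result set.
    """
    category = classify(query)
    if category is None:
        return ("forward", None)
    if normalize(query) in {normalize(q) for q in whitelist}:
        return ("forward", category)
    return ("block", category)


def execute(query, backend, whitelist=WHITELIST):
    """Proxy step: blocked queries yield [], everything else reaches the backend."""
    action, _ = proxy_decision(query, whitelist)
    if action == "block":
        return []  # empty result set, as the post describes
    return backend(query)
```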
I had contact before this talk with the GreenSQL people to see what their plans are for commercial databases like Oracle, DB2 and MS SQL. I got an answer and they are working on it.